• World CyberCon India
Data Breaches Firewall Daily

AT&T Denies Data Leak of 23 Million SSNs of American Citizens

AT&T denies the recent data leak of 23 million SSNs of American citizens and says that a credit company should have been compromised but not them.

AT&T Denies Data Leak of 23 Million SSNs of American Citizens
  • PublishedAugust 17, 2022

American telecommunications giant AT&T has denied any connection to a stolen database of 23 million Americans. Milwaukee-based cybersecurity company Hold Security reportedly found the database worth 3.6 GB on a dark web platform. The database includes social security numbers of American citizens, and reports suggest that the data links to AT&T.

The company presented a piece of evidence that could link the stolen database back to AT&T. According to Hold Security, the stolen data includes the email addresses with extensions, such as “att.net,” “SBCGLobal.net,” or “Bellsouth.net.” The archive was saved on the platform as “dbfull” and contained 28.5 million records; among them, 23 million had unique SSNs of American citizens.

Hold Security links the stolen data to AT&T

According to Alex Holden, the founder of Hold Security, the stolen data has a number of patterns linked back to AT&T customers. For example, 13.7% of all addresses in the database had endings with an “att.net” extension. In comparison, addresses from SBCGLobal.net and Bellsouth.net (AT&T subsidiaries) account for another 7%. Additionally, over 30% of addresses have data of Gmail users, and Yahoo addresses account for 24%.

However, AT&T denies these allegations stating that the data was not leaked or stolen from their systems, adding that it may be linked to a previous data theft at some other company. The spokesperson for AT&T also shared concern about the incident, saying that it is unfortunate that stolen data continues to resurface on the dark web.

AT&T claims that this alleged stolen data has resurfaced many times over the years. The company also claimed that they had previously examined the same data using forensic analysis and discovered that the data didn’t have any links to them.

Moreover, the telecom giant suggests that the stolen data could be linked to a credit agency, which might have been compromised. The company didn’t name any particulate credit agency, but AT&T has been compromised before, especially in the 2021 attack where a hacker auctioned data of 70 million AT&T users. The telecommunications giant refused the data theft from the 2021 incident, and it also seems to be denying the leak from this case.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.

1 Comment

Comments are closed.