Telecommunications giant AT&T has confirmed that 7.6 million current and 65.4 million former customers have had their personal data compromised. The data stolen isn't uniform, but may include, as AT&T detailed, "full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode."
AT&T passcodes are four-digit pins, and those belonging to the 7.6 million current customers who had theirs compromised have been reset. AT&T has reached out to everyone affected with an email or letter.
The information is apparently from 2019 or perhaps earlier, which is why so much of it relates to former customers. No one has been blamed or taken credit for the breach yet, and AT&T has said it "does not have evidence of unauthorized access to its systems resulting in theft of the data set."
This may in fact be the same data offered for sale on a hacking forum back in 2021, as reported by Bleeping Computer, for a starting price of $US200,000. At the time, AT&T denied the data belonged to its customers though, saying, "Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems."
