AT&T confirmed news of a data leak reported by various
sources online. The breach affected sensitive information belonging to both current
and former customers; 7.6 million and 65 million of them, respectively.
According to AT&T itself, the leaked data may have contained a user’s full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode. The company also added that the data set seems to be from 2019 or before and does not contain personal financial information or call history.
AT&T has since reset the security passcodes of all affected
active customers and sent them emails / letters explaining what data was
included and how the company is working to help them recover it.
AT&T passcodes are four-digit numerical PINs that
customers use for their account security on phone calls with company support or
in-store verification. According to one analysis by a security researcher, the
passcodes were easy to decode. Meanwhile, AT&T is trying to figure the problem
out with help from external cybersecurity experts, but has not reached any evidence
of authorized access to its systems yet.
