AT&T Data Breach Impacts 73 Million

More than 70 million current and former AT&T customers may have been impacted by a data breach.

AT&T announced that the personal data of 7.6 million current account holders and 65.4 million former account holders was released as part of a data set on the dark web in mid-March. 

The company said it does not know if the data originated from AT&T or one of its vendors, but that it includes personal information including social security numbers and passwords.

AT&T said it is investigating the incident with both internal and external cybersecurity experts and that based on preliminary analysis, the company said the data set is from 2019 or earlier. 

It also said there is no evidence of any unauthorized access to AT&T systems.

Lisa Plaggemier, executive director of the National Cybersecurity Alliance, told IoT World Today that a breach of this scale poses significant risks to individuals' personal and financial security, with the exposure of sensitive information such as social security numbers, account details and contact information.. 

“This vulnerability extends to various forms of identity theft, fraud, and targeted cyberattacks, including sophisticated social engineering tactics like phishing,” Plaggemier said. “The data obtained from the breach could be leveraged by malicious actors to craft convincing phishing attempts, exploiting personal information to manipulate victims into disclosing further sensitive data or downloading malware, amplifying the challenges of containing and mitigating its fallout.”

Related:Fidelity Data Breach Impacts More Than 28,000 Customers

Plaggemier said immediate actions should be taken to address the risks of an extensive breach by changing passwords, monitoring accounts for suspicious activity and even considering freezing credit. 

AT&T has reached out to those impacted and reset their passwords. The company is also contacting former account holders whose personal information was compromised. 

“Telecommunications companies must bolster cybersecurity measures through enhanced encryption, continuous monitoring and comprehensive employee training on identifying and thwarting phishing attacks,” Plaggemier said. “Collaboration among industry stakeholders, cybersecurity experts and regulators is crucial to fortify defenses and ensure compliance with data protection regulations.