Company said personal data was compromised; investigating source of the breach

Liz Hughes, Editor, IoT World Today

April 1, 2024

2 Min Read
An AT&T sign hangs outside of a store on April 01, 2024, in Miami, Florida
Joe Raedle/Getty Images

More than 70 million current and former AT&T customers may have been impacted by a data breach.

AT&T announced that the personal data of 7.6 million current account holders and 65.4 million former account holders was released as part of a data set on the dark web in mid-March. 

The company said it does not know if the data originated from AT&T or one of its vendors, but that it includes personal information including social security numbers and passwords.

AT&T said it is investigating the incident with both internal and external cybersecurity experts and that based on preliminary analysis, the company said the data set is from 2019 or earlier. 

It also said there is no evidence of any unauthorized access to AT&T systems.

Lisa Plaggemier, executive director of the National Cybersecurity Alliance, told IoT World Today that a breach of this scale poses significant risks to individuals' personal and financial security, with the exposure of sensitive information such as social security numbers, account details and contact information.. 

“This vulnerability extends to various forms of identity theft, fraud, and targeted cyberattacks, including sophisticated social engineering tactics like phishing,” Plaggemier said. “The data obtained from the breach could be leveraged by malicious actors to craft convincing phishing attempts, exploiting personal information to manipulate victims into disclosing further sensitive data or downloading malware, amplifying the challenges of containing and mitigating its fallout.”

Related:Fidelity Data Breach Impacts More Than 28,000 Customers

Plaggemier said immediate actions should be taken to address the risks of an extensive breach by changing passwords, monitoring accounts for suspicious activity and even considering freezing credit. 

AT&T has reached out to those impacted and reset their passwords. The company is also contacting former account holders whose personal information was compromised. 

“Telecommunications companies must bolster cybersecurity measures through enhanced encryption, continuous monitoring and comprehensive employee training on identifying and thwarting phishing attacks,” Plaggemier said. “Collaboration among industry stakeholders, cybersecurity experts and regulators is crucial to fortify defenses and ensure compliance with data protection regulations.

About the Author(s)

Liz Hughes

Editor, IoT World Today, IoT World Today

Liz Hughes is an award-winning digital media editor with more than two decades of experience in newspaper, magazine and online media industries. 

A proven digital media strategist and editor, Liz has produced content and offered editorial support and leadership for a variety of web publications, including Fast Company, NBC Boston, Street Fight, QuinStreet, WTWH Media, AOL/Patch Media and Design News.

A skilled social media strategist experienced in developing and maintaining an audience across multiple platforms and brands, Liz also enjoys sharing her knowledge and expertise to help businesses small and large.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like