Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Data from 73 million AT&T accounts leaked to dark web, company says

A man walks with an umbrella outside of AT&T corporate headquarters on March 13, 2020, in Dallas, Texas.  (Ronald Martinez)
By Rachel Lerman Washington Post

Information from 73 million current and former AT&T accounts appears to have been leaked onto the dark web, the communications company said Saturday.

The data set was released about two weeks ago onto the dark web, which can be used for illegal activity by anonymous criminals. It may have included information such as Social Security numbers, phone numbers, email addresses, full names, dates of birth and mailing addresses, according to AT&T’s note to customers. The company said it reset the passcodes of 7.6 million current customers.

The company said it is investigating with the help of inside and outside cybersecurity experts, and has not determined yet if the data came from AT&T or one of its vendors.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the company said in a statement.

The data appears to be from 2019 or earlier, and contains information from 7.6 million current AT&T account holders and about 65.4 million former account holders, AT&T said.

The company said it was notifying customers whose data was leaked and would pay for credit monitoring when applicable.

Many high-profile companies have suffered data breaches, including both of AT&T’s biggest rivals. Verizon has seen multiple reports of information leaks over the years, and T-Mobile has had at least eight incidents since 2018, including a 2021 instance in which hackers stole the data of millions of customers.

This year, a hack at a third-party company may have exposed the account information of American Express cardholders.

AT&T was thrust into a harsh spotlight last month when a massive cellphone outage affected more than 1.7 million customers and disrupted 911 services in some states. The company said it was caused by a technical error, not a cyberattack.