Cybercrime , Fraud Management & Cybercrime , Incident & Breach Response

Leaked Dataset Belongs to AT&T Current and Former Customers

Data of 75 Million Individuals, Including SSNs, Posted on Criminal Forum
Leaked Dataset Belongs to AT&T Current and Former Customers
AT&T headquarters at Whitacre Tower in Dallas, Texas

AT&T did an about-face Saturday, saying that a leaked tranche of data pertaining to 73 million individuals does in fact reveal sensitive information of current and former customers of America's largest wireless phone carrier.

See Also: Webinar | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

The admission is a reversal from years of insisting that the dataset, first posted on a criminal forum in 2021, did not appear to have come from its systems (see: After 70M Individuals' Data Leaks, AT&T Denies Being Source).

In a statement, AT&T said an analysis of the dataset revealed "AT&T data-specific fields." The dataset reentered criminal circulation earlier this month after a user of a criminal web forum accessible on the clear web posted the set without charging a fee for its download.

The company isn't necessarily taking responsibility for the breach. "It is not yet known whether the data in those fields originated from AT&T or one of its vendors," the corporate statement says.

"Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set," it also said. The incident has not had a material impact on its operations, it added.

The dataset, which contains Social Security numbers as well as names, addresses and phone numbers, appears to be from 2019 or earlier. Of the 75 million total, 7.6 million pertain to current customers while the remainder belong to former subscribers, the company said.

The data "is now in very broad circulation. It is undoubtedly in the hands of thousands of internet randos," said data breach expert Troy Hunt after the dataset resurfaced in March.

Whoever stole the data from whatever source, the responsible hacker also apparently obtained the private key used to encrypt the data, Hunt said.

"As I'm fond of saying, there's only one thing worse than your data appearing on the dark web: it's appearing on the clear web. And that's precisely where it is; the forum this was posted to isn't within the shady underbelly of a Tor hidden service, it's out there in plain sight on a public forum easily accessed by a normal web browser," he said.

AT&T said it is contacting affected individuals and will monitor credit monitoring. It also created an online FAQ for potentially affected individuals. "We take cybersecurity very seriously," it says.

About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.