AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.

In a statement released Saturday, AT&T said, “[I]t is not yet known whether the data in those fields originated from AT&T or one of its vendors,” and that the source of the data was “still being assessed.” The company said it does not have evidence of unauthorized access to its systems.

The data set potentially included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, account numbers, and passcodes, according to an FAQ the company published on its website.

It contained personal information on 7.6 million current AT&T users and 65.4 million former users and appears to be from 2019 or earlier, the company said.

In a note to customers, AT&T said it reset the passcodes on the accounts of all active customers.

The telecommunications firm added customers will receive credit monitoring services at AT&T’s expense, where applicable.

The company said the incident has not had a material impact on its operations.

Aaron Nicodemus covers regulatory policy and compliance trends for Compliance Week. He previously worked as a reporter for Bloomberg Law and as business editor at the Telegram & Gazette in Worcester, Mass.View full Profile

More from Aaron Nicodemus

Topics