AT&T, the United States' largest telecommunications provider, recently disclosed that a dataset containing sensitive details of about 73 million of its account holders from 2019 or earlier was discovered for sale on the dark web. This dataset includes sensitive data such as passcodes, Social Security numbers, email and mailing addresses, phone numbers, and birthdates.
Following this security breach, AT&T has contacted all impacted customers to notify them of the incident and advised them to reset their passcodes. Additionally, the company has cautioned customers to be alert to emails requesting password changes and to verify their authenticity directly with AT&T before responding. The risk of cybercriminals exploiting this breach by dispatching phishing emails with malicious links has heightened.
The source of the breach is under investigation, with AT&T considering whether it originated internally or was caused by an external vendor. The company may engage computer forensics experts to help determine the precise cause.
AT&T is now tasked with removing any malware that might be in its customer account system and ensuring uninterrupted service for those not affected by the breach. The company expects to incur significant costs related to the investigation, remediation, potential legal actions, and associated legal fees.
