AT&T (NYSE:T) has reset the passcodes for about 7.6 million current customers after a data breach led to their personal information being leaked on the dark web.
The leak, which occurred two weeks ago and affects data from over 65 million former account holders, was detected with information dating back to 2019 or earlier, including names and Social Security numbers, the telecom company said on Saturday.
The breach's origins still remain unclear. AT&T shares are down 1.5% in premarket trading Monday.
AT&T said its internal review “hasn’t turned up evidence of unauthorized access to its systems resulting in exfiltration of the data set." Despite this, the company is conducting a thorough investigation with the help of both internal and external cybersecurity experts to understand the breach's full scope. The investigation is still in its initial stages.
The telecom giant has informed the affected customers and is offering credit monitoring services to help mitigate any potential fallout from the breach. It has also assured that the incident has not significantly impacted its operational capabilities.
The breach was first reported by TechCrunch after a seller listed the full data set on a known cybercrime forum in March. Following TechCrunch's report, which noted the inclusion of encrypted passcodes potentially exploitable for hacking, AT&T took steps to protect its customers by resetting passcodes.
This security issue follows a recent network failure last month, attributed to "an incorrect process used as we were expanding our network," as explained by an AT&T spokesperson. The outage left many without cellphone service for several hours, prompting an official apology from the company.