Nothing strikes fear in our hearts as much as cybercrimes do these days, and the investigation into the AT&T data breach details is an example of why we’re so worried. Over the weekend, information regarding the AT&T data breach and their response was revealed to the public—the Social Security details of 7.6 million current account holders and 65.4 million former account holders were found on the dark web. The massive scale of the data breach is staggering but considering the company is one of the largest mobile service providers in the U.S., the numbers aren’t surprising. The AT&T data breach leaked customer information to unmonitored sources and the company is now in active damage control mode to try and contain the issue.

AT&T data breach response

Image: AT&T

Investigating the AT&T Data Breach Details

With a 46.9 percent market share of wireless subscriptions in the third quarter of 2023, AT&T, known for dominating the market, has built up quite a reputation for itself. Unfortunately, the impact of the AT&T data breach may not reflect positively on the company. The initial press release indicated that customer information from the company was leaked onto the dark web and the data set appears to be from 2019 or earlier. This includes the information of 7.6 million current AT&T account holders and approximately 65.4 million former account holders who were subscribed to the company’s services in the past.

The nature of the information that was leaked varies between customers but rough estimates of the content include “full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode.”

The source of the leak is unclear as the AT&T data breach details do not include any evidence that any unauthorized sources have accessed the company’s own systems. The company remains uncertain if the data originated from the company or one of its vendors. The ambiguity makes it harder to rectify and close off vulnerabilities that might allow further incidents to occur. 

AT&T Data Breach Response

The ideal course of action would be to implement measures to cut off access to the company’s data set to prevent future leaks but until the source is determined, that will remain difficult to accomplish. In response to the incident, the company reports that “AT&T has launched a robust investigation supported by internal and external cybersecurity experts,” which means the matter is still under scrutiny. We may receive further updates from the company in the upcoming weeks.

The offenders behind the AT&T data breach leaked customer information that can have lasting effects on the victims. To support those affected, the company has offered to provide credit monitoring services to track the use of their personal information and prevent any misuse of it as far as possible. They have also recommended that customers set up fraud alerts from credit bureaus such as Equifax and TransUnion, but not all the affected customers are going to be able to navigate these services on their own. 

How to Check If I Was Affected by AT&T Data Breach?

Apart from sharing the details about the AT&T data breach, the company has proactively reached out to the affected customers to reset their passcodes and provide additional assistance where applicable. As a precautionary measure, the company has reset the four-digit passcodes for active accounts that have been impacted. You can go to your AT&T profiles and edit your passcode to update and reset it yourself. It might be a good idea to change the code even if you aren’t among those affected. Monitoring your account more closely over the next few weeks is essential to protect yourself, regardless of the AT&T data breach response.

The company has reached out to affected accounts by email or mail, detailing what was found online and the response by AT&T to the data breach. If your data is part of the leak, the company will provide identity theft and credit monitoring services to track if your information is used anywhere else. 

Cybersecurity Concerns Need To Take Centerstage

This isn’t the first time an AT&T data breach leaked customer information but sensitive data was not exposed in the last incident. Back in March 2023, the company reached out to around 9 million customers that an attack on a third-party vendor had exposed information regarding customers’ wireless plans to outside sources but that was the extent of the leaked information. Before that, in August 2022, Hold Security found personal information related to 23 million AT&T customers online, and that breach had included personal data. 

Cybersecurity is a difficult field to stay ahead of considering how quickly a single vulnerability can be exploited by hackers always on the lookout for a weakness in the chain. The sheer volumes of data a company handles at any given point, and the number of access points to the information, make it difficult to monitor. Regardless of the difficulty, however, companies that acquire customer information bear the responsibility of safeguarding it. Each organization needs to channel its resources towards monitoring its networks and updating them consistently to prevent any data breaches from taking place.