AT&T says personal data from current and former account holders leaked onto dark web

AT&T has initiated an inquiry into the origin of a data breach encompassing personal details of 73 million existing and past customers.

In a press release issued Saturday morning, the telecommunications behemoth stated that the data had surfaced "on the dark web roughly two weeks ago," comprising sensitive information like Social Security numbers of account holders.

“It is not yet known whether the data … originated from AT&T or one of its vendors,” the company added. “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”

The data appears to be from 2019 or earlier. According to AT&T, the breach does not seem to include financial data or specifics regarding call logs. The company disclosed that around 7.6 million present account holders and 65.4 million former account holders have been affected.

AT&T has begun reaching out to customers, urging them to reset their account passwords. Additionally, it advises customers to stay vigilant regarding any alterations to their accounts or credit reports, with AT&T committing to providing credit monitoring at its expense where applicable.

The company became aware of a potential breach approximately two weeks ago. The leak was initially reported by an entity known as X account vx-underground on March 17.