AT&T announced Saturday that it is investigating an incident two weeks ago that led to millions of customers’ data being published on the dark web, a portion of the Internet that can only be accessed using special software.
The company has reset the passcodes of the 7.6 million current users who were impacted and said it is actively contacting those customers, along with the 65.4 million former account holders who also had their data compromised.
“As of today, this incident has not had a material impact on AT&T’s operations,” the company wrote in a press release on Saturday.
AT&T’s preliminary review found that the leaked data was from approximately 2019 or earlier and included personal information such as names, home addresses, phone numbers, dates of birth, and Social Security numbers. The data set does not contain personal financial information or call history.
AT&T has encouraged users, who will receive an email if they were affected, to set up fraud alert accounts and monitor their account activity and credit reports. The company has not yet identified the source of the leak.
In February, AT&T customers experienced an hours-long cellular outage, which the company clarified resulted from a system issue, not a cyberattack. The company’s CEO, John Stankey, later apologized for that incident and provided customer credits to those impacted.
CLARIFICATION: AT&T said it is investigating an incident two weeks ago that led to millions of customers’ data being published on the dark web. It is unclear whether there was a breach of the system.