Two weeks after a massive amount of data, including supposedly sensitive information on more than 70 million AT&T customers, was put up for sale on the Dark Web, the telecommunications company has admitted that the list includes legitimate customer information.
But while AT&T confirmed that the data is authentic, the company stressed that the ongoing investigation has produced no evidence that it was exfiltrated from AT&T systems, adding that investigators are still making assessments. In the days after the data was made available for sale, the company rejected the idea that its systems were compromised.
It is worth noting that in the wake of a similar AT&T data leak in 2021, the company also denied a compromise of its systems when a different database purporting to contain information on 70 million of the company’s users was auctioned on the Dark Web.
“AT&T has launched a robust investigation supported by internal and external cybersecurity experts,” it said AT&T Statement on Latest Data Leak explained. “Based on our preliminary analysis, the data set appears to date back to 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
As more details emerge about the data leak, experts like Zendata CEO Narayana Pappu say AT&T obviously needs to fix it.
“The concern is primarily about the internal processes of AT&T, which originally denied that a data breach had occurred in 2021 before admitting it,” Pappu said in a statement. “Assuming this information is from the previous hack (2021), hopefully AT&T has already rolled out the remediation, asking users to update their information. If not, AT&T should evaluate the processes it has in place to identify the exposure and repair.”
The millions of current and former AT&T customers potentially affected by the data leak must understand the severity of the compromise, according to a statement from Anne Cutler, cybersecurity advocate at Keeper Security.
“The severity of this data breach is significantly increased due to Personally Identifiable Information (PII), including full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, account numbers AT&T and access codes, which were part of the compromised data” said Cutler. “The immediate concern is the potential exploitation of this exposed data, which could lead to various malicious activities such as identity theft, phishing attacks and unauthorized access to user accounts.”