AT&T Resets Passcodes for 7.6 Million Customers Following Dark Web Data Leak

AT&T has reset passcodes for 7.6 million current customers and 65.4 million former subscribers following a data leak discovered on the dark web. The leaked information, dating back to 2019 and earlier, varies in content, potentially including full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, and AT&T account numbers. However, no personal financial data or call history was included. AT&T notified affected customers via email or letter and advised them to monitor their accounts and credit reports. Customers can change their passcodes through their myAT&T profile page. The company is investigating the breach with cybersecurity experts but has not determined whether the data originated from its systems or a vendor. The leak was initially reported to AT&T by TechCrunch, who delayed publishing until passcodes could be reset.

Notice from AT&T:
“It has come to our attention that a number of AT&T passcodes have been compromised. We are reaching out to all 7.6 million impacted customers and have reset their passcodes. Additionally, we will be communicating with current and former account holders whose sensitive personal information may have been compromised.

Our internal teams are collaborating with external cybersecurity experts to analyze the situation. To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.

We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport[.]com” (AT&T, 2024).