AT&T resets passcodes after data breach affecting 73M

• It’s not an April Fool’s joke – it's another data breach 

• About 7.6 million current AT&T customers and 65.4 million former account holders were affected

• AT&T will be offering credit monitoring ‘where applicable’

Unfortunately, it isn’t an April Fool’s joke. Over the weekend, AT&T issued a statement saying it’s investigating the source of a data leak that affected about 73 million current and former customers.

The information, which was leaked on the dark web, varied by customer and account but may have included a customer’s full name, email address, mailing address, Social Security number, phone number, date of birth, AT&T account number and passcodes.

AT&T said that based on a preliminary analysis, the data set appears to be from 2019 or earlier, impacting about 7.6 million current AT&T account holders and approximately 65.4 million former account holders.

The leaked data doesn’t appear to contain personal financial information or call history. The company said it will be offering credit monitoring at AT&T’s expense “where applicable.”

Known unknowns

“It is not yet known whether the data … originated from AT&T or one of its vendors,” the company stated. “AT&T has launched a robust investigation supported by internal and external cybersecurity experts.”

The company is reaching out to impacted customers and has reset passcodes. A company representative didn’t specify to Fierce which kinds of customers were affected and referred questions to this FAQ page.

TechCrunch first reported the passcode reset. The publication explained that it informed AT&T of the leaked data but delayed publication of its story until AT&T could begin resetting customer account passcodes.

TechCrunch also said it was the first time AT&T had acknowledged that the leaked data belonged to its customers – some three years after a hacker claimed credit for the theft.  

In Saturday’s press release, AT&T said the data breach did not have a material impact on AT&T's operations. 

The breach comes after AT&T experienced a severe service outage in February that affected cell phone customers across the country. AT&T blamed the outage on a coding error and didn’t elaborate. An FCC investigation is underway.