AT&T announced on Saturday that it is investigating a significant data breach affecting the personal information of more than 73 million current and former customers.
The company reported that a data set containing records for roughly 7.6 million active AT&T accounts and about 65.4 million former accounts has appeared on the dark web.
AT&T’s initial review indicates the exposed information likely dates back to 2019 or earlier. The company said it has not yet determined whether the data originated from AT&T’s internal systems or from a third-party vendor.
As a precaution, AT&T has reset account passcodes for the 7.6 million current customers whose accounts appear in the leaked data. The company also plans to offer credit monitoring services where applicable to help mitigate the risk of fraud or identity theft.
Anne Cutler, a cybersecurity expert at Keeper Security, warned the breach is particularly serious because the compromised files reportedly include personally identifiable information such as names, email addresses, physical addresses, and Social Security numbers.
“The immediate concern is the potential exploitation of this exposed data, which could lead to identity theft, phishing attacks, and unauthorized access to accounts,” Cutler said.
Cutler recommended that affected current and former AT&T customers assume their information may already be in the hands of malicious actors. She advised steps including changing login credentials, enrolling in dark web monitoring services, freezing credit reports, using strong unique passwords, enabling multi-factor authentication, keeping software up to date, and maintaining good cyber hygiene.
For businesses, Cutler urged enhanced monitoring of network traffic, conducting security audits, enforcing strict access controls, and deploying privileged access management solutions to reduce exposure.
Tim Kravchunovsky, founder and CEO of decentralized telecommunications network Chirp, described the incident as a “wake-up call.” He advocated for stronger protections, including blockchain-based storage that offers immutability, enterprise-grade encryption, and multiple layers of defense against attack vectors.
This breach adds to a growing list of security incidents involving major companies. AT&T, which provides 5G services to roughly 290 million customers across the United States, faces renewed scrutiny from consumer privacy advocates concerned about the frequency and scale of such breaches.
AT&T said it is notifying affected individuals and working to determine the full scope of the incident.
(Photo by Brendan Stephens)
See also: FCC denies spectrum request for Starlink’s mobile service
Unified Communications is a two-day event held in California, London, and Amsterdam that explores the future of workplace collaboration in a digital world. The event runs alongside other technology conferences that cover digital transformation, IoT, edge computing, intelligent automation, AI and big data, and cybersecurity.
Discover other upcoming enterprise technology events and webinars powered by TechForge.