AT&T Resets Millions of Passcodes After Data Breach Confirmation

The US telecom giant, AT&T, announced on Saturday that it had reset security passcodes of millions of active customers, following the dark web release of a massive dataset containing AT&T customer records.

“It has come to our attention that a number of AT&T passcodes have been compromised,” AT&T said.

Though AT&T did not disclose how and when the breach occurred, and why it went unnoticed, the company confirmed that the leak affected 7.6 million of its active members and 65 million former customers.

“Our internal teams are working with external cybersecurity experts to analyze the situation. To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history,” AT&T continued.

The affected customers’ leaked data varied from customer and account, but it may include full name, mailing and email address, phone number, social security number, date of birth, AT&T account number, and passcode.

As a mitigation measure, the company will be reaching out to impacted customers via email or letter, in addition to offering complementary identity and credit monitoring services. AT&T has also reset compromised account passcodes and provided FAQ guidelines to customers wanting to reset them.

This comes weeks after the company’s denial that its system was compromised. In a public statement, AT&T said that it was unsure about the origin of the leaked data, “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”

Reports of the data leak first appeared in 2021, which was denied by AT&T. The present data leak confirmation and password reset was due to a report by TechCrunch, about public availability of AT&T’s encrypted account passcodes.

In its report, TechCrunch said that it “held the publication of this story until AT&T could begin resetting customer account passcodes.”