AT&T confirms information breach and resets thousands and thousands of buyer passcodes

AT&T has acknowledged {that a} information leak making the rounds on-line incorporates data from greater than 7.6 million present clients and 65 million former clients. The corporate has reset the safety passcodes of energetic clients affected, and says that leaked data “might have included full identify, electronic mail handle, mailing handle, telephone quantity, social safety quantity, date of delivery, AT&T account quantity and passcode.”

AT&T is reaching out to affected clients by way of “electronic mail or letter” to allow them to know what information was included and what it’s doing for patrons in response.

The corporate’s acknowledgment that the leaked information is actual — the primary reports of the leak emerged in 2021 — solely got here after TechCrunch notified AT&T of the vulnerability of its encrypted passcodes on Monday. The passcodes are sometimes four-digit numerical PINs used for account safety on telephone calls with firm assist or in-store verification and a safety researcher’s evaluation revealed that it was “straightforward to decipher” the passcodes.

This FAQ says clients can arrange free fraud alerts from credit score bureaus Equifax, Experian, and TransUnion. In keeping with AT&T, the info set “seems to be from 2019 or earlier and doesn’t comprise private monetary data or name historical past.” The corporate says it’s working with “exterior cybersecurity consultants to research the scenario,” and that up to now it has no “proof of approved entry” to its methods.