AT&T is resetting customer account passcodes after acknowledging a 2019 data leak. As reported by TechCrunch, the leak included customer records affecting 70 million current and former AT&T users. This marks the first that AT&T “acknowledged that the leaked data belongs to its customers.”

The leaked data includes customer names, home addresses, phone numbers, dates of birth, and social security numbers.

AT&T’s massive data leak

In addition to that personal information, the leak also includes customer account passcodes. This data is in “an encrypted format,” but the passcodes are “are easy to decipher.” As explained by TechCrunch, AT&T account passcodes “are typically four-digit numbers that are used as an additional layer of security when accessing a customer’s account, such as calling AT&T customer service, in retail stores, and online.”

In a statement provided to TechCrunch, AT&T said that it confirmed the data set includes information on 7.6 million current AT&T users and 65.4 million former account holders. The company also said that it does not have evidence of “unauthorized access to its systems resulting in exfiltration of the data set.”

“AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.

AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”

AT&T has also launched a new webpage on which it confirms the data leak and how customers can keep their accounts secure.

“We’ve taken precautionary measures and reset passcodes, which is an extra layer of protection for AT&T accounts,” the company says on the new webpage.

In addition to resetting the account passcodes of current users affected by the leak, AT&T says it will also communicate with “current and former account holders with compromised sensitive personal information.”

More details are available on AT&T’s website. The company says that it continues to work with “external cybersecurity experts to analyze the situation.”

Follow ChanceThreadsTwitterInstagram, and Mastodon


Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

Read More