Leaked Dataset Belongs to AT&T Current and Former Customers
Data of 75 Million Individuals, Including SSNs, Posted on Criminal Forum
AT&T did an about-face Saturday, saying that a leaked tranche of data pertaining to 73 million individuals does in fact reveal sensitive information of current and former customers of America's largest wireless phone carrier.
The admission is a reversal from years of insisting that the dataset, first posted on a criminal forum in 2021, did not appear to have come from its systems (see: After 70M Individuals' Data Leaks, AT&T Denies Being Source).
In a statement, AT&T said an analysis of the dataset revealed "AT&T data-specific fields." The dataset reentered criminal circulation earlier this month after a user of a criminal web forum accessible on the clear web posted the set without charging a fee for its download.
The company isn't necessarily taking responsibility for the breach. "It is not yet known whether the data in those fields originated from AT&T or one of its vendors," the corporate statement says.
"Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set," it also said. The incident has not had a material impact on its operations, it added.
The dataset, which contains Social Security numbers as well as names, addresses and phone numbers, appears to be from 2019 or earlier. Of the 75 million total, 7.6 million pertain to current customers while the remainder belong to former subscribers, the company said.
The data "is now in very broad circulation. It is undoubtedly in the hands of thousands of internet randos," said data breach expert Troy Hunt after the dataset resurfaced in March.
Whoever stole the data from whatever source, the responsible hacker also apparently obtained the private key used to encrypt the data, Hunt said.
"As I'm fond of saying, there's only one thing worse than your data appearing on the dark web: it's appearing on the clear web. And that's precisely where it is; the forum this was posted to isn't within the shady underbelly of a Tor hidden service, it's out there in plain sight on a public forum easily accessed by a normal web browser," he said.
AT&T said it is contacting affected individuals and will offer credit monitoring. It also created an online FAQ for potentially affected individuals. "We take cybersecurity very seriously," it says.