On Saturday, March 30, AT&T issued a press release providing new details about a years-old data breach. Here’s everything you need to know, from what sensitive personal data was leaked, to what you can do to protect yourself.
AT&T has acknowledged that customer information is out in the wild. The company stated that it still does not know whether the data originated from AT&T or one of its vendors; the source of the data is still being assessed.
The leaked data first appeared online in August 2021, nearly three years ago. At the time, AT&T stated that the company had not suffered a data breach—a position that the company has maintained up until now.
Following are the types of personally identifiable information (PII) included in the leak:
Not every customer affected by this breach necessarily had all of those data points exposed; AT&T states that the data varies by customer and account. As a precautionary measure, AT&T has reset the passcodes of the affected accounts, and said it would reach out by postal mail or e-mail to individuals with compromised sensitive personal information. AT&T said it would provide complimentary identity theft and credit monitoring services as well.
In August 2021, a threat actor who self-identifies as ShinyHunters began selling a database that was claimed to contain the personal information of over 70 million AT&T customers. The threat actor posted an advertisement for the sale of this data on a hacking forum. At the time, the data was only accessible to whoever paid for it.
The seller has a long history of compromising websites; some past breaches include Microsoft’s GitHub, Teespring, and many more.
While AT&T denied suffering a breach, security researchers started digging. They quickly confirmed that the dataset included the details of actual customers—both current and past. At least some of the data may relate to AT&T’s customers as of 2019, but the leak may include more recent customers’ data as well.
Over the weekend, the same data was posted for free on a public hacking forum, making it instantly accessible to anyone who searches for it. The leaked dataset includes decrypted dates of birth and social security numbers.
Once again, security researchers quickly confirmed that the data contained the information of actual past or current AT&T customers.
Security researcher Troy Hunt also went through the data and polled some of his Have I Been Pwned subscribers to ask them if the information he found was indeed theirs—and it was. Hunt stated:
As I’m fond of saying, there’s only one thing worse than your data appearing on the dark web: it’s appearing on the clear web. And that’s precisely where it is; the forum this was posted to isn’t within the shady underbelly of a Tor hidden service, it’s out there in plain sight on a public forum easily accessed by a normal web browser. And the data is real.
Companies have a responsibility to make every reasonable effort to safeguard personally identifiable information. Exposure of such data can put individuals at risk of identity theft or other challenges. Handing over such information is, unfortunately, often the cost of doing business; you cannot become an account holder at AT&T or many other companies without sharing it. Thus, one has a reasonable expectation that a large corporation will have the resources to protect that information. On the other hand, anyone or any company can potentially be hacked or compromised, even if they try to get their security right.
Unfortunately, if your personal information has already been exposed, there’s not much you can do to prevent it from spreading further; data is infinitely copiable. And it’s generally impossible to change your social security number—and its exposure puts you at risk of identity theft.
Even if you have never been an AT&T customer, some of your PII may already have been exposed due to previous breaches at other companies.
So what can you do about it? There are several ways you can protect yourself. In a separate article, we cover 9 easy steps to recover from a data breach and avoid getting hacked.
What to do after a data breach—and how to avoid getting hacked—in 9 easy steps
We discussed this AT&T data breach on episode 338 of the Intego Mac Podcast.
You may also be interested in reading about a different AT&T breach that affected 100,000 iPad users in 2010.