AT&T has launched an investigation into the source of a data leak that includes personal information of 73 million current and former customers.
In a news release Saturday morning, the telecommunications giant said the data was “released on the dark web approximately two weeks ago,” and contains information such as account holders’ Social Security numbers.
“It is not yet known whether the data … originated from AT&T or one of its vendors,” the company added. “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
The data seems to have been from 2019 or earlier. The leak does not appear to contain financial information or specifics about call history, according to AT&T. The company said the leak shows approximately 7.6 million current account holders and 65.4 million former account holders were affected.
AT&T said it is reaching out to customers and asking them to reset their account passcodes. It is also urging customers to remain alert about changes to their accounts or credit reports, adding AT&T “will be offering credit monitoring at our expense where applicable.”
The company was alerted of a potential leak about two weeks ago. News of the leak was first posted by X account vx-underground on March 17.
At the time, AT&T told CNN: “We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. We believe and are working to confirm that the data set discussed today is the same dataset that has been recycled several times on this forum.”