AT&T has begun notifying U.S. state authorities and regulators of a security incident after confirming that millions of customer records posted online last month were genuine.

In a legally required filing with the Maine Attorney General’s Office, the U.S. telecoms giant said it had sent letters notifying more than 51 million people whose personal information had been exposed in a data breach, including those in Maine. About 90,000 people.

AT&T, the largest telecommunications company in the United States, said the leaked data included customers’ full names, email addresses, mailing addresses, dates of birth, phone numbers and Social Security numbers.

AT&T said the leaked customer information dates back to mid-2019 or earlier, but the records contain valid data for more than 7.9 million current AT&T customers.

AT&T took action about three years after some of the leaked data first appeared online, preventing any meaningful analysis of the data. Last month, a complete cache of 73 million leaked customer records was dumped online, allowing customers to verify whether their data was authentic. Some records contain duplicates.

The leaked data also included encrypted account passwords, which allowed access to customer accounts.

Shortly after the full data set was released, a security researcher informed TechCrunch that the encryption password found in the leaked data was easily decipherable. AT&T reset passwords for those accounts after TechCrunch warned AT&T on March 26 about the risks it posed to customers. TechCrunch is standing by its story until AT&T completes the process of resetting affected customers’ passwords.

AT&T eventually admitted that the leaked data belonged to its customers, including about 65 million former customers.

Under state data breach notification laws, companies that experience a data breach that affects a large number of people must disclose the incident to the U.S. Attorney General. AT&T said in a notice filed in Maine that it is providing identity theft and credit monitoring services to affected customers.

AT&T has not identified the source of the leak.

#ATT #notifies #regulators #customer #data #breach

Leave a Reply

Your email address will not be published. Required fields are marked *