“It has come to our attention that a number of AT&T passcodes have been compromised,” AT&T said. Though AT&T did not disclose how and when the breach occurred, and why it went unnoticed, the company confirmed that the leak affected 7.6 million of its active members and 65 million former customers. “Our internal teams are working with external cybersecurity experts to analyze the situation. To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history,” AT&T continued. The affected customers’ leaked data varied from customer and account, but it may include full name, mailing and email address, phone number, social security number, date of birth, AT&T account number, and passcode. This comes weeks after the company’s denial that its system was compromised. In a public statement, AT&T said that it was unsure about the origin of the leaked data, “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.” Reports of the data leak first appeared in 2021, which was denied by AT&T. The present data leak confirmation and password reset was due to a report by TechCrunch, about public availability of AT&T’s encrypted account passcodes. In its report, TechCrunch said that it “held the publication of this story until AT&T could begin resetting customer account passcodes.”
