Private data of 73 million AT&T customers leaked on dark web, including social security numbers

The latest headlines from our reporters across the US sent straight to your inbox each weekday

Your briefing on the latest headlines from across the US

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

The personal information of more than 73 million people was exposed on the “dark web” after a massive cybersecurity breach of cellphone provider AT&T.

The company released a statement on Saturday revealing an unknown source posted the personal information — including social security numbers — of 65.4m former customers and 7.6m current users to the “dark web.” The data set appears to be from 2019 or earlier, according to their statement on Saturday.

The company is still assessing potential sources of the data, they said.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement reads. “The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable.”

Those impacted should closely monitor their account activity and credit reports, the company also said. However, a preliminary investigation shows that the breach did not include customers’ personal financial information or call history.

This breach isn’t the first time AT&T has made headlines this year. Last month, the company saw a widespread service outage impacting thousands of customers. The outages were due to “the application and execution of an incorrect process” during network expansion, rather than a cyberattack, the company said in a statement at the time. The Federal Communications Commission is also investigating the attack.

Similarly, in December 2023 telecommunications company Xfinity reported that hackers exploited a vulnerability in their software and “likely acquired” customers’ usernames and passwords. The breach affected some 35.9m people. For some customers, the hackers may have also identified the last four digits of social security numbers, account security questions, birthdates and contact information.