Personal data of 75 million people, including SSN, posted on criminal forums
David Perera (@daveperera) •
March 30, 2024
AT&T reversed itself Saturday, saying the leak of some of the personal data of 73 million people actually revealed sensitive information about current and former customers of America’s largest wireless phone company.
Related item: Where do you start when all your identities are at stake?
The admission reverses long-standing claims that the dataset first posted to a crime forum in 2021 does not appear to have come from that system (see below) After 70 million people’s personal data leaked, AT&T denies being the source).
AT&T said in a statement that analysis of the dataset revealed “fields unique to AT&T data.” The dataset re-entered criminal circulation earlier this month after a user on a criminal web forum accessible on Clearweb posted the dataset without charging a download fee.
Companies are not necessarily responsible for violations. “It is not yet clear whether the data in these areas comes from AT&T or AT&T’s vendors,” the company statement said.
“At this time, AT&T has no evidence that data sets were compromised as a result of unauthorized access to its systems,” the statement said. The company said the incident did not have a significant impact on its operations.
The dataset includes names, addresses, and phone numbers, as well as Social Security numbers, and appears to date back to before 2019. Of the total 75 million, 7.6 million belong to current customers and the rest belong to former subscribers, the company said.
After the data set resurfaced in March, data breach expert Troy Hunt said the data was “now in very wide circulation, no doubt in the hands of thousands of Internet lands.” I am,” he wrote.
Regardless of who stole the data and from what source, the hackers responsible also likely obtained the private keys used to encrypt the data, Hunt wrote.
“I like to say that the only thing worse than having your data appear on the dark web is having your data appear on the clear web. And that’s exactly what it is. The forum where this post was posted is not part of a shady underground organization.” Tor’s hidden services are visible and visible on public forums that are easily accessible with a regular web browser. ” he said.
AT&T said it has contacted the affected individuals and will continue to monitor their credit status. We have also created an online FAQ for individuals who may be affected. “We take cybersecurity very seriously,” the company said.
