AT&T reveals data breach affecting 51 million customers, past and present

Threat Actor: ShinyHunters | ShinyHunters
Victim: AT&T | AT&T
Price: Not mentioned
Exfiltrated Data Type: Personal information (name, phone number, physical address, email address, social security number, date of birth)

Additional Information:

  • The data breach affected more than 51 million former and current AT&T customers.
  • The leaked data was obtained by ShinyHunters from an unnamed AT&T division in 2021.
  • The data contains 73.481.539 records.
  • ShinyHunters is a well-known hacking group that has targeted various organizations in the past.
  • In August 2021, ShinyHunters claimed to have a database containing private information on roughly 70 million AT&T customers, but AT&T denied the breach.
  • The group asked for $1 million for the entire database or $200,000 for access.
  • The leaked data includes personal information such as name, phone number, physical address, email address, social security number, and date of birth.
  • AT&T initially denied the data breach but later confirmed it.
  • AT&T believes the leaked data is from 2019 or earlier.
  • AT&T is notifying the impacted individuals and offering one year of complimentary credit monitoring and identity theft detection services.

AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them.

In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported.

The researchers confirmed that the leaked data is legitimate, however, it is still unclear if the information was stolen from a third-party organization linked to AT&T.

The seller, who goes online with the moniker MajorNelson, claimed that the data was obtained from an unnamed AT&T division by @ShinyHunters in 2021. The archive contains 73.481.539 records.

“It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. It was leaked online today.” said vx-underground.

In August 2021, the ShinyHunters group claimed to have a database containing private information on roughly 70 million AT&T customers, but the company denied that they had been stolen from its systems.

ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including TokopediaHomechefChatbooks.comMicrosoft, and Minted.

In August 2021, the group asked $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website that examined a sample that appears authentic.

“While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid.” reads the RestorePrivacy website. “Here is the data that is available in this leak:

  • Name
  • Phone number
  • Physical address
  • Email address
  • Social security number
  • Date of birth”

The threat actors claimed that data belonged to AT&T customers in the United States, the group told RestorePrivacy that they were available to support AT&T in securing its systems for a reward.

AT&T initially denied any data breach, below is the statement from the telecomunication giant:

“Based on our investigation Thursday, the information that appeared in an internet chat room does not appear to have come from our systems,”

Later, the telecommunications company retracted its initial denial and confirmed the data breach. The data was “released on the dark web approximately two weeks ago,” said the company.

“It is not yet known whether the data … originated from AT&T or one of its vendors,” the company added. “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”

The company pointed out that it was not aware of any compromise of its infrastructure.

“We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. We believe and are working to confirm that the data set discussed today is the same dataset that has been recycled several times on this forum.” AT&T told CNN.

The company speculates that leaked data are from 2019 or earlier.

AT&T is notifying the 51,226,382 individuals impacted according to the data breach notification shared with the Maine Attorney General.

“The information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode.” reads the data breach notification. “To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier.”

The telecommunication giant offers impacted customers one year of complimentary credit monitoring, identity theft detection and resolution services provided by Experian’s IdentityWorksSM.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)



Original Source: https://securityaffairs.com/161685/data-breach/att-data-breach-51m-customers.html