AT&T’s Data Breach Initial Report of 73 Million Impacted Could Only be 51 Million, Still Remains Bad News for Affected Customers

AT&T's recent data breach has shifted from initial estimates, with the telecom giant revealing to the Maine attorney general's office that the impact is now believed to affect more than 51 million individuals, a notable reduction from the previously stated 73 million. The breach, first hinted at in mid-March when reports of AT&T data surfacing on the dark web emerged, took about two weeks for AT&T to confirm as authentic customer information.

Over the Easter holiday weekend, AT&T disclosed that the leaked data seemed to pertain to around 7.6 million current customers and approximately 65.4 million former customers. This data, reportedly from 2019 or earlier, was initially cited as potentially compromising only social security numbers. However, subsequent communications from AT&T to affected individuals have outlined a broader range of compromised information, including full names, email and mailing addresses, phone numbers, dates of birth, social security numbers, and AT&T account numbers and passcodes.

AT&T's updated disclosure, now including a wider array of compromised personal information, suggests a potentially more severe impact than initially understood. However, the company has assured that personal financial information and call history were not part of the breach. The revelation to the Maine attorney general's office of a reduced impact, down to more than 51 million individuals, implies AT&T may have taken measures to weed out duplicate or inaccurate records from the leaked database.

The origin of the data, which has reportedly been circulating online since 2021, remains a mystery, with AT&T denying it originated from their systems. As a response to the breach, affected customers are being offered one year of free credit monitoring and identity theft protection services, a measure aimed at mitigating potential harm resulting from the compromised data.

This incident is not the first security breach involving AT&T; in March 2023, the company notified 9 million wireless customers of a breach affecting their customer proprietary network information (CPNI) at a third-party vendor. These successive breaches underscore the ongoing challenges faced by companies in safeguarding sensitive customer data in an increasingly interconnected digital landscape.