American Telephone and Telegraph Company (AT&T) is the fourth-largest telecommunications provider, behind Verizon, Comcast, and China’s state-funded communications solution. AT&T is also recognized as the largest wireless carrier in the US, with 241.5 million Americans using its phone line and communications solutions. The organization employs over 160,700 individuals and is headquartered in Dallas, Texas.
AT&T has had a series of data incidents beginning in mid-2001; this most recent event may be the largest in its history of data breaches, but many details are unclear. For example, AT&T has not confirmed that the exposed data from this event belongs to their systems—nor have they published statements suggesting such. Despite their lack of statement on the event, a third-party expert in data breaches has suggested that the leaked data is real and subsequently poses a significant risk for those with exposures.
The breach first appeared in 2021, after a well-known threat actor named ShinyHunters published a marketplace post on the hacking forum breachforums.is. They were selling the data they claimed to have harvested from AT&T and provided a sample as proof. AT&T responded that there hadn’t been evidence of a cyber event, prompting experts to investigate for themselves.
Although AT&T has not indicated who could be impacted by this event, some experts believe that consumers will have personally identifiable information (PII) may be at risk. Most likely, these elements will include full names, dates of birth, addresses, phone numbers, and Social Security Numbers. However, this information may change as the story unfolds.
This breach is the largest of AT&T’s history, with a reported 70+ million records exposed. However, this number is likely to change as reporting continues; additionally, there are suggestions that some records are duplicated or contain data already on the dark web. AT&T consumers’ best action is to start taking reactive measures, including identity monitoring, password protection, and activity alerts.