AT&T, the telecommunications giant, revealed over the weekend a significant breach that has exposed the sensitive information of millions of its current and former customers. The breach, discovered on the dark web, has potentially compromised data, including Social Security numbers and passcodes, affecting around 7.6 million current account holders and a staggering 65.4 million former account holders.

In a statement issued over the weekend, the Dallas-based company expressed concern over the breach and its magnitude while highlighting the uncertainty surrounding the origin of the leaked data. Whether the data was sourced from AT&T itself or one of its vendors remains unclear, prompting the company to initiate a thorough investigation.

The compromised information, dating back to 2019 or earlier, encompasses a wide array of personal data, including full names, email addresses, mailing addresses, phone numbers, dates of birth, and AT&T account numbers. However, AT&T has assured customers that financial information and call histories remain untouched.

For individuals anxious about the security of their data, AT&T has assured them that affected customers will receive direct communication via email or letters. These notifications began rolling out on March 30, confirmed by an AT&T spokesperson.

AT&T has taken immediate action in response to the breach, resetting passcodes for current users and pledging to cover credit monitoring services where applicable. Additionally, the company has launched a comprehensive investigation, leveraging internal expertise and external cybersecurity professionals to delve into the breach’s origins and extent.

The recent breach isn’t the first time AT&T has faced such a cybersecurity challenge. Cybersecurity researcher Troy Hunt highlighted similarities between this breach and a previous one in 2021, which AT&T allegedly failed to acknowledge. The resemblance raises questions about the telecom giant’s handling of data breaches and could expose it to legal repercussions, including class-action lawsuits.

AT&T urges customers to adopt stringent security measures, such as creating complex passwords and enabling multi-factor authentication, in light of the breach. Additionally, vigilance against phishing attempts, especially following breach notifications, is crucial. The Federal Trade Commission recommends leveraging free credit freezes and fraud alerts provided by nationwide credit bureaus to mitigate identity theft risks.

In tandem with this breach revelation, AT&T faces legal challenges on another front. In 2021, the District of Columbia sued AT&T for allegedly overcharging for cellphone and internet services, citing breaches of contract and violations of the False Claims Act.