AT&T notifies regulators after customer data breach

0


AT&T has begun notifying US state officials and regulators of the security incident after confirming that millions of customer records posted online last month were authentic.

In a legally required filing with the Maine attorney general’s office, the US telecom giant said it sent letters to more than 51 million people notifying them that their personal information had been compromised in the data breach, including about 90,000 individuals in Maine. were also included.

AT&T – the largest telecommunications company in the United States – said the data breached included customers’ full name, email address, mailing address, date of birth, phone number and Social Security number.

According to AT&T, the leaked customer information dates back to mid-2019 and earlier, but the records contained valid data on more than 7.9 million current AT&T customers.

AT&T took action nearly three years after a subset of the leaked data first appeared online, preventing any meaningful analysis of the data. The entire cache of 73 million leaked customer records was dumped online last month, allowing customers to verify that their data was genuine. Some records contained duplicates.

The leaked data also included encrypted account passcodes, which allow access to customer accounts.

Shortly after the entire dataset was published, a security researcher informed TechCrunch that the encrypted passcodes found in the leaked data were easy to decipher. AT&T reset those account passcodes after TechCrunch alerted AT&T customers about the risk on March 26. TechCrunch kept its story intact until AT&T could complete the process of resetting affected customer passcodes.

AT&T eventually admitted that the leaked data belonged to its customers, including approximately 65 million former customers.

Companies that suffer data breaches affecting a large number of people are required to disclose the incident with the U.S. Attorney General under state data breach notification laws. In its notice filed in Maine, AT&T said it is offering identity theft and credit monitoring to affected customers.

AT&T has still not identified the source of the leak.



Source link

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *