NEW YORK -- The theft of sensitive information belonging to millions of
AT&T's current and former customers has been recently discovered online,
the telecommunications giant said this weekend.

In a Saturday announcement addressing the data breach, AT&T said that a
dataset found on the �dark web� contains information including some Social
Security numbers and passcodes for about 7.6 million current account
holders and 65.4 million former account holders.

Whether the data �originated from AT&T or one of its vendors" is still
unknown, the Dallas-based company noted � adding that it had launched an
investigation into the incident. AT&T has also begun notifying customers
whose personal information was compromised.

Here's what you need to know.

Although varying by each customer and account, AT&T says that information
involved in this breach included Social Security numbers and passcodes �
which, unlike passwords, are numerical PINS that are typically four digits
long.

Full names, email addresses, mailing address, phone numbers, dates of
birth and AT&T account numbers may have also been compromised. The
impacted data is from 2019 or earlier and does not appear to include
financial information or call history, the company said.

Consumers impacted by this breach should be receiving an email or letter
directly from AT&T about the incident. The email notices began going out
on Saturday, an AT&T spokesperson confirmed to The Associated Press.

Beyond these notifications, AT&T said that it had already reset the
passcodes of current users. The company added that it would pay for credit
monitoring services where applicable.

AT&T also said that it �launched a robust investigation� with internal and
external cybersecurity experts to investigate the situation further.

AT&T has seen several data breaches that range in size and impact over the
years.

While the company says the data in this latest breach surfaced on a
hacking forum nearly two weeks ago, it closely resembles a similar breach
that surfaced in 2021 but which AT&T never acknowledged, cybersecurity
researcher Troy Hunt told the AP Saturday.

�If they assess this and they made the wrong call on it, and we�ve had a
course of years pass without them being able to notify impacted
customers,� then it�s likely the company will soon face class action
lawsuits, said Hunt, founder of an Australia-based website that warns
people when their personal information has been exposed.

A spokesperson for AT&T declined to comment further when asked about these
similarities Sunday.

Avoiding data breaches entirely can be tricky in our ever-digitized world,
but consumers can take some steps to help protect themselves going
forward.

The basics include creating hard-to-guess passwords and using multifactor
authentication when possible. If you receive a notice about a breach, it's
good idea to change your password and monitor account activity for any
suspicious transactions. You'll also want to visit a company's official
website for reliable contact information � as scammers sometimes try to
take advantage of news like data breaches to gain your trust through look-
alike phishing emails or phone calls.

In addition, the Federal Trade Commission notes that nationwide credit
bureaus � such as Equifax, Experian and TransUnion � offer free credit
freezes and fraud alerts that consumers can set up to help protect
themselves from identity theft and other malicious activity.

https://abcnews.go.com/US/wireStory/att-data-breach-leaked-millions-
customers-information-online-108697485
�