AT&T has told the office of the attorney general in Maine that the recently disclosed data breach impacts more than 51 million individuals, still a large number, but less than the initially reported 73 million.
Reports of AT&T data circulating on the dark web emerged in mid-March, but it took the telecoms giant roughly two weeks to confirm that the information indeed belongs to customers.
During the Easter holiday weekend, AT&T said the leaked data appeared to belong to roughly 7.6 million current customers and approximately 65.4 million former customers, pointing out that the data appeared to be from 2019 or earlier.
The company at the time only specifically named social security numbers as being compromised.
However, in letters it’s now sending out to impacted individuals, AT&T says the compromised information includes full name, email and mailing address, phone number, date of birth, social security number, and AT&T account number and passcode.
“To the best of our knowledge, personal financial information and call history were not included,” the company is telling impacted individuals.
AT&T told the Maine AG that the incident has impacted more than 51 million individuals, which suggests the company may have eliminated duplicate or inaccurate records from the leaked database.
It’s believed that the data has been circulating online since 2021, but its origin remains unknown. AT&T has denied that it came from its own systems.
Affected customers are being offered one year of free credit monitoring and identity theft protection services.
In March 2023, AT&T notified 9 million wireless customers that their customer proprietary network information (CPNI) was compromised in a data breach at a third-party vendor.
Related: AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack
Related: 530k Impacted by Data Breach at Wisconsin Healthcare Organization
Related: DOJ-Collected Information Exposed in Data Breach Affecting 340,000