More than 70 million records, allegedly stolen from AT&T in 2021, were dumped on a cybercrime forum at the weekend.
The stolen files include names, Social Security Numbers, dates of birth, addresses, emails, phone numbers and other personal information, according to Dark Web Informer, who first spotted the massive data dump by the criminals.
Miscreants reportedly nabbed the personal info back in 2021, and “upon review we can confirm the stolen data is legitimate,” VX-Underground claimed.
Back in August 2021, crime gang ShinyHunters claimed to have pilfered private details belonging to 70 million AT&T customers and attempted to sell the database for $1 million, according to digital advocacy group RestorePrivacy.
At the time, AT&T denied the stolen data was legitimate, telling RestorePrivacy: “Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.”
The latest claims of a leak emerge about a year after AT&T did admit miscreants accessed about 9 million wireless customers’ account information. That breach happened in January 2023, and three months later the carrier confirm that the stolen records included so-called customer proprietary network information.
An AT&T spokesperson at the time said the data was “several years old,” and “mostly relating to device upgrade eligibility.”
AT&T did not immediately respond to The Register‘s request for comment, but has claimed to other news outlets that it has “no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems.
“We believe and are working to confirm that the data set discussed yesterday is the same dataset that has been recycled several times on this forum.” ®