A pedestrian walks past an AT&T store in New York, USA
Scott Milin | CNBC
AT&T announced Saturday that it is investigating an incident two weeks ago that resulted in millions of customers' data being published on the dark web, a part of the internet that can only be accessed using special software.
The company has reset the passcodes of 7.6 million existing users who were affected, and said it is actively reaching out to those customers, along with 65.4 million previous account holders whose data was also compromised.
“As of today, this incident has not had a material impact on AT&T’s operations,” the company wrote in a press release on Saturday.
AT&T's initial review found that the leaked data dated back to approximately 2019 or earlier and included personal information such as names, home addresses, phone numbers, dates of birth, and Social Security numbers. The dataset does not contain personal financial information or call history.
AT&T encouraged users, who will receive an email if affected, to set up fraud alert accounts and monitor their account activity and credit reports. The company has not yet identified the source of the leak.
In February, AT&T customers experienced an hours-long outage in cellular service, which the company explained was caused by a system issue, not a cyberattack. The company's CEO, John Stankey, later apologized for the incident and offered customer credits to those affected.
Clarification: AT&T said it is investigating an incident two weeks ago that resulted in millions of customers' data being published on the dark web. It is unclear whether there was a breach of the system.