A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. Bleeping Computer has details:
A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users.
AT&T told BleepingComputer that they are investigating the data but also believe it originates from the known breach and was repackaged into a new leak.
“It is not uncommon for cybercriminals to repackage previously disclosed data for financial gain. We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation,” AT&T told BleepingComputer.
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 had this to say:
“I have to think that our data leaks have been so pervasive for so long that whether or not this particular leak package is new or old really doesn’t matter. I’m pretty sure my Social Security number has been stolen, leaked, and sold a few dozen times over the last five years. What does one more personal data leak mean to me…or really anyone? Anyone can already look up anyone else’s personal information. What does one more data leak really mean? It’s not increasing the risk that I and others are already facing. At this point, is there a cybercriminal willing to pay for any of it, since they can all access a dozen plus previous data leaks with nearly the same information? My Social Security number and date of birth don’t change between leaks. I have a hard time getting worked up over any single data leak. The horse is already out of the barn.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy follows with this comment:
“While this is simply repackaged data, created by combining two different information caches, it can still be a danger to affected users. Having the information in one package means bad actors can do more with the data, making it easier for them to attempt to open accounts in victims’ names or use the information to send phishing emails and texts in an attempt to steal more information, like banking and credit card info. AT&T customers should stay alert for phishing attempts, as well as new accounts being opened in their name.”
Clearly everything old is new again when it comes to data breaches. That’s why it’s important to stop them before they happen. Because once that stolen information is out there, it’s out there forever.
Related
This entry was posted on June 6, 2025 at 11:38 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
An Old AT&T Data Breach From 2021 Has Resurfaced
A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. Bleeping Computer has details:
A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users.
AT&T told BleepingComputer that they are investigating the data but also believe it originates from the known breach and was repackaged into a new leak.
“It is not uncommon for cybercriminals to repackage previously disclosed data for financial gain. We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation,” AT&T told BleepingComputer.
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 had this to say:
“I have to think that our data leaks have been so pervasive for so long that whether or not this particular leak package is new or old really doesn’t matter. I’m pretty sure my Social Security number has been stolen, leaked, and sold a few dozen times over the last five years. What does one more personal data leak mean to me…or really anyone? Anyone can already look up anyone else’s personal information. What does one more data leak really mean? It’s not increasing the risk that I and others are already facing. At this point, is there a cybercriminal willing to pay for any of it, since they can all access a dozen plus previous data leaks with nearly the same information? My Social Security number and date of birth don’t change between leaks. I have a hard time getting worked up over any single data leak. The horse is already out of the barn.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy follows with this comment:
“While this is simply repackaged data, created by combining two different information caches, it can still be a danger to affected users. Having the information in one package means bad actors can do more with the data, making it easier for them to attempt to open accounts in victims’ names or use the information to send phishing emails and texts in an attempt to steal more information, like banking and credit card info. AT&T customers should stay alert for phishing attempts, as well as new accounts being opened in their name.”
Clearly everything old is new again when it comes to data breaches. That’s why it’s important to stop them before they happen. Because once that stolen information is out there, it’s out there forever.
Share this:
Like this:
Related
This entry was posted on June 6, 2025 at 11:38 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.