AT&T sent shockwaves through the telecommunications world this weekend with a startling announcement: the personal data of a whopping 73 million customers, including Social Security numbers, is under threat due to a massive data breach.

The telecom titan revealed the grim news late last week, confirming that a trove of sensitive information belonging to both past and present customers had fallen into the wrong hands and made its way onto dark web platforms.

In a grim disclosure on Saturday, AT&T revealed that the stolen data, now surfacing on the murky corners of the internet, comprises the passcodes and Social Security numbers of approximately 7.6 million active account holders and a staggering 65.4 million former ones.

AT&T also admitted that the pilfered data, which dates back around two weeks, raises concerns about whether the hackers managed to infiltrate AT&T’s own networks or those belonging to its trusted vendors.

The compromised information isn’t limited to mere contact details; it extends to birth dates, AT&T account numbers, and even the very passcodes customers rely on to safeguard their accounts.

Of the 73 million affected, a whopping 65.4 million were once loyal AT&T customers. To mitigate the damage, AT&T has taken the proactive step of automatically resetting the passcodes for its 7.6 million current clients, ensuring an added layer of security.

AT&T’s customers typically secure their accounts with four-digit passcodes, essential for verifying transactions and interacting with customer support. Those affected have been promptly notified of the passcode resets.

Furthermore, AT&T clarified that much of the compromised data dates back to 2019 or earlier. To address the fallout, the company is offering complimentary identity theft protection and credit monitoring services, alongside other measures, to aid those affected.

AT&T emphasized, “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” adding that they’re actively communicating with affected individuals and providing credit monitoring where necessary.

Both current and former customers impacted by the breach will receive ongoing support and updates from AT&T. The company advises vigilance, urging customers to monitor their credit reports and account activities closely.

According to cybersecurity hub Bleeping Computer, the compromised data set may have been circulating on the dark web for some time. Last year, a hacker dubbed “Shiny Hunters” claimed to have 73 million AT&T customers’ data up for sale, fetching initial offers of $200,000, with subsequent offers dropping to $30,000.

AT&T has previously refuted reports of such breaches, but evidence suggests otherwise. A hacker known as “MajorNelson” recently publicized a data set obtained by Shiny Hunters, corroborating the severity of the breach and adding to AT&T’s mounting woes.