AT&T Inc. said that personal data from about 7.6 million current account holders and 65.4 million former customers was leaked onto the dark web.

The data — leaked about two weeks ago — includes personal information such as Social Security numbers and appears to be from 2019 or earlier, the company said Saturday in a statement. The source of the data is still being investigated, according to AT&T, and it’s not known whether it came from the company or a vendor.

AT&T said it doesn’t yet have evidence of unauthorized access to its systems, and that the leak hasn’t had a material effect on its operations as of Saturday. It reset millions of customer account passwords after the leak.

“The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable,” according to the statement. 

AT&T is the third-largest US retail wireless carrier, behind Verizon Communications Inc. and T-Mobile US Inc., according to data compiled by Bloomberg. The company in February experienced a widespread outage that took hours to resolve, prompting an investigation by the federal government.

More stories like this are available on