Telecommunications giant AT&T has revealed that it suffered a massive data breach involving the personal information of 73 million current and former customers combined.

The data appeared on the dark web approximately two weeks ago, AT&T said, adding that it appears to be "from 2019 or earlier." It is not yet known whether the data in these fields originated from AT&T or from one of AT&T's vendors," the company added.

The good news is that it "does not contain personal financial information or call history." The bad news is that it includes customers' names, home addresses, phone numbers, dates of birth, Social Security numbers, and encrypted passcodes.

The 7.6 million current customers affected have had their passcodes reset, the company said, but there is apparently little that can be done for the data that was taken and used for identity theft.

"Individuals with sensitive personal information that has been compromised will be contacted individually and offered free identity theft and credit monitoring services," the official website page states.

It is important to note that the data contains passcodes, not passwords. A passcode is a (usually four-digit) number used for extra security when accessing a customer account by phone, in stores, or online.

So while the breach may not appear to pose an immediate threat to the 65.4 million former customers, affected customers should still be wary if their other passcodes duplicate the combination.

That's because the information breach may contain enough data to guess the PIN. As security researcher Sam Crawley told "TechCrunch," thanks to customers' frequent use of the numbers associated with the four-digit passcode, passcode data can be decrypted even if it is not encrypted. In other words, the Social Security number, phone number, and house number could all be leaked at the same time, providing a number of combinations for criminals to try.

The story of the breach first surfaced earlier this month when the X account @vx-underground claimed that over 70 million records had been leaked to Breach. At the time, AT&T suggested that this was likely a burn of a data set that was destroyed in 2021.

It has been a rough start to the year for this carrier. Last month, it was forced to deny that the nearly day-long outage was not the result of a cyber attack.