AT&T is Zopesinvestigating how tens of millions of former and current customers had their personal information leaked on the dark web earlier this month.

In addition to the 7.6 million current AT&T customers affected, the telecom giant said in an announcement Saturday about 65.4 million former customers "had some data released" within the data set, which "appears to be from 2019 or earlier."

Leaked onto the dark web two weeks ago, the data set had personal information including Social Security numbers and data from "AT&T data-specific fields." The "compromised data" does not contain personal financial information or call history, AT&T said.

The company is investigating the incident, but said "it is not yet known whether the data in those fields originated from AT&T or one of its vendors."

AT&T said it has contacted all 7.6 million current customers who were impacted and reset their passcodes after it learned "that a number of AT&T passcodes have been compromised," according to its note to customers.

The company will contact all current and past customers whose "sensitive personal information" was compromised and has launched "a robust investigation supported by internal and external cybersecurity experts."

Got a data breach alert?:Don't ignore it. Here's how to protect your information.

AT&T asks customers to 'remain vigilant' about their data following leak

Additionally, AT&T encouraged "customers to remain vigilant by monitoring account activity and credit reports" and included links to credit bureaus in its note to customers.

Tech news sites CNET and TechCrunch report the data stems from a 2021 breach that AT&T denied then. A portion of that data set appeared online at the time. Then earlier this week, the data set from that breach resurfaced and included sensitive information such as Social Security numbers, home addresses and names, the sites reported. 

Cybersecurity software firm MalwareBytes Labs noted the same timeline and advised readers to be alert for scammers pretending to be from AT&T. "If you receive an email, phone call or something similar from someone claiming to be from AT&T be cautious and contact AT&T directly to check it’s real," the company said.

AT&T added: "As of today, this incident has not had a material impact on AT&T’s operations."

Follow Mike Snider on X and Threads: @mikesnider &mikegsnider.

What's everyone talking about? Sign up for our trending newsletter to get the latest news of the day