By 
On Saturday, March 30, AT&T disclosed that data from around 73 million customers (former and current), was leaked on the dark web.
More specifically, the security breach affects about 7.6 million active and 65.4 million past subscribers, and the breach event likely took place back in 2019 or earlier.
The company made use of the Easter weekend to silently release this information. Even though two weeks have passed since the company was informed of the data being present on the dark web. Not so thoughtful for the American customers, I might say.
AT&T:
With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.
Thankfully I am not a journalist, only a blogger & software developer, so I can easily assume the worst and say that millions of social security numbers are sold or in the process of being sold on the dark web.
AT&T also mentioned:
Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.
Although it was confirmed that AT&T-specific data fields were part of the leaked dataset, so again I can assume that a data breach was present.
The company is in the process of notifying impacted customers and has reset their passcodes. Only a recommendation for AT&T: careful with how you send millions of messages, you may be marked as spam!
Later Edit, 4’th April: AT&T confirmed 51 million customers impacted in the breach, though, it’s not good news, somehow is worse.