AT&T has initiated the process of informing millions of customers regarding the recent discovery of stolen personal data online.

The telecommunications giant announced on Saturday that a dataset found on the “dark web” contains information belonging to approximately 7.6 million current AT&T account holders and 65.4 million former account holders, including Social Security numbers.

AT&T has already taken measures to reset the passcodes of current users and plans to reach out to account holders affected by the breach. The company stated that it is unclear whether the data originated from AT&T or one of its vendors. The compromised data, dating back to 2019 or earlier, does not include financial information or call history but may include email and mailing addresses, phone numbers, and birth dates.

Although the data surfaced on a hacking forum nearly two weeks ago, it closely resembles a similar data breach from 2021 that AT&T never acknowledged, according to cybersecurity researcher Troy Hunt. Hunt warned that if AT&T failed to notify impacted customers promptly, the company could face potential class action lawsuits.

An AT&T spokesperson did not immediately respond to requests for comment on Saturday.

This incident is not the first challenge AT&T has faced this year. In February, the Dallas-based company experienced an outage that temporarily disrupted cellphone service for thousands of U.S. users. AT&T attributed the incident to a technical coding error rather than a malicious attack.