AT&T is having a rough year. Back in February, customers experienced a massive network outage that lasted about 12 hours. This month, the company has another round of bad news: AT&T suffered a massive data breach that impacted over 70 million customers (7.6 million current and 65.4 million former ones). The data made its way to the dark web, a popular destination for bad actors to sell stolen data and information, and the company doesn't exactly know whether the breach occurred through AT&T itself or third-party vendors.
What AT&T info leaked in the data breach?
AT&T is only telling customers directly what info of theirs was compromised, so we don't know the exact details leaked onto the dark web. However, the company said the information "varied by customer and account" and could have included your full name, birthday, email address, mailing address, phone number, and social security number, in addition to your AT&T account number and password. Some of the data is obviously more sensitive than others, so not everyone is going to have the same experience here.
Whatever info was stolen likely wasn't recent, though. AT&T says the data set is from 2019 and earlier, so it doesn't seem to include any information generated in the last four to five years. Of course, people don't have a habit of changing their social security number very often, but if you've moved or changed email addresses, the hackers could have outdated info.
If you're among the affected customers, AT&T will reach out to you directly via email or letter and let you know what data was compromised. Hackers claimed to have leaked a similar data set back in August of 2021; at that time, the data set was only partially released, so it wasn't clear whether the data was actually legitimate. AT&T says the events are not connected.
What should I do if my AT&T data was leaked?
AT&T proactively reset active customers passcodes (the four digit PIN you use to confirm your identity with the company) whether or not they were impacted by the breach. The first thing you should do is add a new code that you create yourself. To do that, sign into your myAT&T Profile, hit Get a new passcode, head to My linked accounts, choose Edit for the passcode you want to update, and then follow the on-screen instructions.
It might be a good time to change your password as well. If you haven't yet, setting up two-factor authentication for your account can help prevent break-ins in the event that someone does steal your password, as you'll need access to a trusted device to authenticate yourself. AT&T also recommends setting up fraud alerts through the credit bureaus—Equifax, Experian, and TransUnion—as stolen social security numbers can be used for identity theft. While these services are free, the company is offering complimentary identity theft and credit monitoring for all affected users, so look out for instructions on setting that up from your email or letter from AT&T.