United States

Millions Affected By Cyber Theft In AT&T Data Breach. How Can You Protect Yourself?

AT&T, a telecommunications giant, has announced a significant data breach affecting millions of current and former customers, exposing sensitive information such as Social Security numbers and passwords. Here's what you need to know about the breach and how to protect yourself.


AT&T Photo: AP

Over the weekend, telecommunications giant AT&T announced the discovery of a cyber theft involving sensitive information belonging to millions of its current and former customers, which has been found online.

In a statement released on Saturday regarding the data breach, AT&T disclosed that a dataset discovered on the "dark web" contains sensitive information, such as Social Security numbers and passwords, belonging to approximately 7.6 million current account holders and 65.4 million former account holders.

The Dallas-based company noted that it is still unclear whether the data "originated from AT&T or one of its vendors." They mentioned launching an investigation into the incident. Additionally, AT&T has started informing customers whose personal information was compromised.


Here's everything you need to know.

What information has been compromised in this data breach?

The information compromised in this breach, though differing for each customer and account, reportedly included Social Security numbers and passcodes. Unlike passwords, these passcodes are typically four-digit numerical PINs.

Full names, email addresses, mailing addresses, phone numbers, dates of birth, and AT&T account numbers may have also been compromised. According to the company, the affected data dates back to 2019 or earlier and does not seem to include financial information or call history.

How to know if you were affected

Consumers affected by this breach will receive direct communication from AT&T via email or letter. AT&T spokesperson confirmed to The Associated Press that email notifications started being sent out on Saturday.


What action has been taken by AT&T?

In addition to sending out notifications, AT&T has reset the passcodes of current users. The company also stated that it would cover the costs of credit monitoring services where necessary.

Furthermore, AT&T mentioned initiating a thorough investigation in collaboration with internal and external cybersecurity experts to delve deeper into the matter.

Has AT&T faced similar data breaches before?

Over the years, AT&T has experienced various data breaches of differing magnitudes and consequences.

While AT&T acknowledges that the data involved in this recent breach appeared on a hacking forum about two weeks ago, cybersecurity researcher Troy Hunt informed the AP on Saturday that it bears a striking resemblance to a previous breach in 2021, which AT&T never officially confirmed.

Troy Hunt, founder of an Australia-based website that alerts individuals about exposed personal information, stated that if AT&T misjudged the situation and failed to notify affected customers over the years, the company might face class action lawsuits.

When questioned about these similarities, an AT&T spokesperson declined to provide further comment on Sunday, as reported by Associated Press.

How can one protect oneself going forward?

In today's digitally interconnected world, completely avoiding data breaches can be challenging, but consumers can take certain measures to enhance their protection moving forward.

Fundamental steps include creating strong, difficult-to-guess passwords and utilizing multifactor authentication whenever feasible. If you receive notification of a breach, it's advisable to change your password and monitor your account for any suspicious activities. Additionally, ensure to obtain contact information from the company's official website to avoid falling prey to scammers who may exploit such news with phishing emails or phone calls.


Furthermore, the Federal Trade Commission highlights that nationwide credit bureaus like Equifax, Experian, and TransUnion provide free credit freezes and fraud alerts that individuals can activate to bolster their defense against identity theft and other malicious activities.