Millions of AT&T customers could be at risk of having their data exposed after the carrier confirmed user data was published on the dark web. More than 73 million current and former customers now have information like their social security number, address, and more out in the open.
According to AT&T, the leak was published two weeks ago. So far, all the data is from 2019 or earlier. It includes information from 7.6 million current users and a whopping 65.4 million former customers. AT&T is investigating and says it’s still unclear if the data comes from the company or a third party.
Credit: AT&T
What information was involved?
According to the company’s website, “The information varied by customer and account but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number, and passcode.”
How do you know if you are affected by the data leak?
The company is contacting current and former customers whose data has been leaked. Customers affected by this security breach can expect to receive a direct communication from AT&T via email or letter regarding the incident.
What action is AT&T taking?
In addition to these notifications, AT&T has already reset the passcodes of affected customers. AT&T discovered the exposed information in a specific data set on the dark web. The company is still combing through the set but released this statement:
AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. We encourage current and former customers with questions to visit www.att.com/accountsafety for more information.”
MORE: BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU
How do I check if my information is on the dark web?
You can go to haveibeenpwned.com to check if your information was sold on the dark web. Just enter your email address into the search bar. The website will search to see your data and display if there were data breaches associated with your email address on various sites. You may have even received an email from the website already saying that some of your data was stolen.
What to do if you’re information has been stolen
So, what do you do if you were notified or discovered that your info is on the haveibeenpwned.com site? You should take immediate action to minimize the damage. Here are some steps that you can follow:
Change your passwords
If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
Enable two-factor authentication
You’ll want to activate two-factor authentication for an extra layer of security.
MORE: 26 BILLION REASONS TO PROTECT YOURSELF AFTER A MASSIVE DATA LEAK IS EXPOSED
Monitor your accounts and transactions
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
You should also contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. You can even freeze your credit if need be.
Use identity theft protection
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Special for CyberGuy Readers: Save up to 52% with my top recommendation is Identity Guard.
See my tips and best picks on how to protect yourself from identity theft.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
MORE: WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED
Kurt’s key takeaways
It’s important to note that this is still a fluid situation. AT&T has said it is actively investigating and gathering information. However, we can take away some concrete lessons. You should do everything you can to lock up your data. That means using unique passwords, password managers, and two-factor authentication to stay safe. Some of these lessons are simple, too, like never reusing passwords.
This also shows that your data can end up in some pretty scary places. The dark web is the internet’s Wild West, and you never know who could be accessing your information.
Are you worried about your information being exposed on the dark web? What more can companies do to make sure your data stays off of it? We want to hear your thoughts in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🛍️ SHOPPING GUIDES:
KIDS | MEN | WOMEN | TEENS | PETS |
FOR THOSE WHO LOVE:
COOKING | COFFEE | TOOLS | TRAVEL | WINE |
DEVICES:
LAPTOPS | TABLETS | PRINTERS | DESKTOPS | MONITORS | EARBUDS | HEADPHONES | KINDLES | SOUNDBARS | KINDLES | DRONES |
ACCESSORIES:
CAR | KITCHEN | LAPTOP | KEYBOARDS | PHONE | TRAVEL | KEEP IT COZY |
PERSONAL GIFTS:
PHOTOBOOKS | DIGITAL PHOTO FRAMES |
SECURITY
ANTIVIRUS | VPN | SECURE EMAIL |
CAN'T GO WRONG WITH THESE: