AT&T data leak from 73 million customers – what you need to do next

Millions of AT&T customers could be at risk of having their data exposed after the carrier confirmed user data was published on the dark web. More than 73 million current and former customers now have information like their social security number, address, and more out in the open.

According to AT&T, the leak was published two weeks ago. So far, all the data is from 2019 or earlier. It includes information from 7.6 million current users and a whopping 65.4 million former customers. AT&T is investigating and says it’s still unclear if the data comes from the company or a third party.

Credit: AT&T

 

What information was involved? 

According to the company’s website, “The information varied by customer and account but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number, and passcode.”

 

How do you know if you are affected by the data leak?

The company is contacting current and former customers whose data has been leaked. Customers affected by this security breach can expect to receive a direct communication from AT&T via email or letter regarding the incident.

 

What action is AT&T taking?

In addition to these notifications, AT&T has already reset the passcodes of affected customers. AT&T discovered the exposed information in a specific data set on the dark web. The company is still combing through the set but released this statement:

AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. We encourage current and former customers with questions to visit www.att.com/accountsafety for more information.”

 

MORE: BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

 

How to protect yourself from threats targeting you

You should take immediate action to minimize the damage. Here are some steps that you can follow:

 

Change your passwords

If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.

Enable two-factor authentication

You’ll want to activate two-factor authentication for an extra layer of security.

MORE: 26 BILLION REASONS TO PROTECT YOURSELF AFTER A MASSIVE DATA LEAK IS EXPOSED  

 

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.

You should also contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. You can even freeze your credit if need be.

Use identity theft protection

Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

Special for CyberGuy Readers:  Save up to 52% with my top recommendation is Identity Guard.

See my tips and best picks on how to protect yourself from identity theft.

 

Invest in personal data removal services

While no service promises to remove all your data from the internet, having a removal service is invaluable, especially after a data breach. These services can help you mitigate the potential damage by ensuring your compromised information is continuously monitored and systematically removed from hundreds of sites. This ongoing process reduces the risk of identity theft, fraud, and other malicious activities, providing an additional layer of security and peace of mind.

A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special for CyberGuy Readers (60% off):  Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 175+ data brokers.  I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.

Get Incogni here

 

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

MORE: WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

 

Kurt’s key takeaways

It’s important to note that this is still a fluid situation. AT&T has said it is actively investigating and gathering information. However, we can take away some concrete lessons. You should do everything you can to lock up your data. That means using unique passwords, password managers, and two-factor authentication to stay safe. Some of these lessons are simple, too, like never reusing passwords.

This also shows that your data can end up in some pretty scary places. The dark web is the internet’s Wild West, and you never know who could be accessing your information.

Are you worried about your information being exposed on the dark web? What more can companies do to make sure your data stays off of it? We want to hear your thoughts in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Best last minute holiday gifts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you