Millions of AT&T customers could be at risk of having their data exposed after the carrier confirmed user data was published on the dark web. More than 73 million current and former customers now have information like their social security number, address, and more out in the open.
According to AT&T, the leak was published two weeks ago. So far, all the data is from 2019 or earlier. It includes information from 7.6 million current users and a whopping 65.4 million former customers. AT&T is investigating and says it’s still unclear if the data comes from the company or a third party.
Credit: AT&T
What information was involved?
How do you know if you are affected by the data leak?
The company is contacting current and former customers whose data has been leaked. Customers affected by this security breach can expect to receive a direct communication from AT&T via email or letter regarding the incident.
What action is AT&T taking?
In addition to these notifications, AT&T has already reset the passcodes of affected customers. AT&T discovered the exposed information in a specific data set on the dark web. The company is still combing through the set but released this statement:
AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. We encourage current and former customers with questions to visit www.att.com/accountsafety for more information.”
MORE: BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU
How to protect yourself from threats targeting you
You should take immediate action to minimize the damage. Here are some steps that you can follow:
Change your passwords
If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
Enable two-factor authentication
You’ll want to activate two-factor authentication for an extra layer of security.
MORE: 26 BILLION REASONS TO PROTECT YOURSELF AFTER A MASSIVE DATA LEAK IS EXPOSED
Monitor your accounts and transactions
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
Use identity theft protection
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Special for CyberGuy Readers: Save up to 52% with my top recommendation is Identity Guard.
See my tips and best picks on how to protect yourself from identity theft.
Invest in personal data removal services
While no service promises to remove all your data from the internet, having a removal service is invaluable, especially after a data breach. These services can help you mitigate the potential damage by ensuring your compromised information is continuously monitored and systematically removed from hundreds of sites. This ongoing process reduces the risk of identity theft, fraud, and other malicious activities, providing an additional layer of security and peace of mind.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 175+ data brokers. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
MORE: WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED
Kurt’s key takeaways
It’s important to note that this is still a fluid situation. AT&T has said it is actively investigating and gathering information. However, we can take away some concrete lessons. You should do everything you can to lock up your data. That means using unique passwords, password managers, and two-factor authentication to stay safe. Some of these lessons are simple, too, like never reusing passwords.
This also shows that your data can end up in some pretty scary places. The dark web is the internet’s Wild West, and you never know who could be accessing your information.
Are you worried about your information being exposed on the dark web? What more can companies do to make sure your data stays off of it? We want to hear your thoughts in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.