Tech News

Data stolen from 73 million AT&T accounts: how to protect yourself


AT&T said hackers stole the personal information of 73 million current and former customers. The data, including Social Security numbers, appears to be from 2019 or earlier, AT&T said in a statement, and includes account information for approximately 7.6 million checking account holders and 65 .4 million former customers.

The leak first came to light in 2021, when hackers claimed they had stolen AT&T customer data and would put the information up for sale. Fast forward to March 2024, the stolen personal information was discovered on the dark web, according to Troy Hunt, creator of Have I Been Pwned.

In response, AT&T said it contacted all 7.6 million current customers and reset their passcodes. Whether you are part of a select group of current customers or a larger group of former account holders who believe their data was stolen in the breach, you can take steps to potentially reduce the damage caused by the violation. Read on to find out what you can do. AT&T did not immediately respond to CNET’s request for comment.

To learn more, here is our selection of the best identity theft protection and monitoring services and how Consumer Report’s Permission Sheet Can Help You Take Control of Your Online Data.

What to know about the AT&T data breach

AT&T said on March 30 that the personal information of 73 million current and former customers was leaked in mid-March on the dark web. The company said the stolen information appears to be from 2019 or earlier, and it does not know whether the information came from AT&T or one of its vendors.

What personal information was stolen in the AT&T breach?

According to AT&T, stolen customer and account data may vary by account, but thieves had access to full name, email address, mailing address, phone number, security number social security, date of birth, AT&T account number and customer access code. AT&T said the information does not appear to contain personal financial information or call history.

What is an AT&T password?

A customer’s passcode is essentially a numeric PIN and is usually four digits long. A password is different from a password and is required to complete an AT&T installation, perform personal account functions over the phone, or contact technical support over the phone, AT&T said.

How to reset your AT&T password

AT&T said it has already reset passcodes for active accounts that had data stolen, but recommends that if you haven’t changed your passcode in the past year, you should change yours as a precautionary measure. Here’s how to change your AT&T password.

  1. Go to your myAT&T profile. Log in, if asked. (If additional security is enabled and you can’t connect, AT&T says, choose Get a new password)
  2. Scroll to My linked accounts
  3. Select To modify for the password you want to update
  4. Follow the prompts to finish

Where can you check if you are part of the AT&T breach

AT&T said it will email or mail a letter to all 7.6 million current customers whose data was stolen, explaining the incident, what information was compromised and what it is doing in response. The company said it has reset the passcodes of affected current customers. The company said it is also communicating with the 65.4 million former account holders whose data was stolen.

However, you don’t need to wait for AT&T to contact you. Using Have I Been Pwned you can check if your data has been leaked. If you store your password information in a Google account, the company’s password checker tool can alert you if your account information has been exposed. And the premium version of our favorite password manager, Bitwarden, can search the web for stolen passwords.

Changing your password and password, if AT&T hasn’t contacted you, can help secure your account.

How to Monitor Your Credit Report for Fraud

If you think your personal information was part of the AT&T breach, you can check your credit reports for signs of potential fraud.

Monitor your credit reports. You get one free credit report per year from the three major credit reporting agencies: Equifax, Experian and TransUnion. On your report, look for unusual or unknown activity, such as the appearance of new accounts that you did not open. And monitor your credit card accounts and bank statements for unexpected charges and payments.

Sign up for a credit monitoring service. Choose one credit monitoring service which constantly monitors your credit report from the major credit reporting agencies and alerts you when it detects unusual activity. To make monitoring easier, you can set fraud alerts that notify you if someone tries to use your identity to build credit. A credit reporting service like LifeLock can start at $7.50 per month – or you can use a free service like Credit Karma.

What to do if you think you are a victim of fraud or identity theft

As soon as you suspect your personal information has been stolen, take steps to stop unauthorized collections and begin recovering your identity.

Place a fraud alert. If you suspect fraud, place a fraud alert with each of the credit reporting companies: Equifax, Experian, and TransUnion. The alert notifies creditors that you have been defrauded and allows them to check with you for new credit applications in your name. You can place an initial fraud alert, which stays on your credit report for 90 days, or an extended fraud alert, which stays on your credit report for seven years. Placing a fraud alert will not affect your credit score.

Contact fraud services. For each business or credit card company where you believe an account was opened or charged without your knowledge, contact its fraud department. Although you are not responsible for fraudulent charges to an account, you must promptly report any suspicious activity.

Freeze your credit. If you want to prevent anyone from opening credit and applying for loans and services in your name without your permission, you can freeze your credit. You will need to request a freeze from each of the three credit reporting companies, which again are Equifax, Experian, and TransUnion. To apply for new credit, you must unfreeze your credit, again, with each of the credit reporting companies. You can either request a temporary lifting of the freeze or unblock it permanently.

Create a recovery plan. The Federal Trade Commission has a valuable tool that helps you report identity theft and recover your identity with a Personal Recovery Plan and Identity Theft Report, which you can use to dispute the charges .

Document everything. Keep copies of all documents and expenses as well as recordings of your conversations regarding the theft.

For more, here are our favorite password managers and best VPN services.


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button