NEW YORK (AP) – The theft of confidential information belonging to millions of AT&T's current and former customers was recently discovered online, the telecommunications giant announced this weekend.
In Saturday's announcement about the data breach, AT&T said the data set found on the “dark web” included some Social Security benefits of approximately 7.6 million current account holders and 65.4 million former account holders. It said it contained information including a number and passcode.
It is still unclear whether the data “came from AT&T or one of its vendors,” the Dallas-based company said, adding that it had begun an investigation into the incident. AT&T also began notifying customers whose personal information was compromised.
Here's what you need to know:
What information was exposed in this breach?
Although it varies by customer and account, AT&T said the information involved in the breach included social security numbers and passcodes, which are typically four-digit numeric PINs, as opposed to passwords. .
Your name, email address, mailing address, phone number, date of birth, and AT&T account number may also have been compromised. The affected data is from before 2019 and does not appear to include financial information or call history, the company said.
How do I know if I am affected?
Consumers affected by this breach should receive an email or letter directly from AT&T regarding this incident. An AT&T spokesperson confirmed to The Associated Press that the email notifications began going out on Saturday.
What action did AT&T take?
In addition to these notifications, AT&T said it has already reset passcodes for current users. The company added that it will pay for credit monitoring services where applicable.
AT&T also said it has “begun a robust investigation” with internal and external cybersecurity experts to further investigate the situation.
Has AT&T ever seen a data breach like this?
AT&T has seen several data breaches over the years, varying in size and scope.
The company says data from this latest breach, which surfaced on hacking forums nearly two weeks ago, is very similar to a similar breach that surfaced in 2021 but was not acknowledged by AT&T, but cybersecurity research Troy Hunt told The Associated Press on Saturday.
“If they evaluate this, make the wrong decision, and fail to notify affected customers for years, the company could soon face a class action lawsuit,” founder Hunt said. It's expensive,” he said. An Australian-based website that alerts you if your personal information is compromised.
Asked about these similarities Sunday, an AT&T spokesperson declined further comment.
How can I protect myself in the future?
While it may be difficult to completely avoid data breaches in an increasingly digital world, consumers can take some steps to protect themselves in the future.
The basics include creating passwords that are difficult to guess and using multi-factor authentication when possible. If you receive a notification of a breach, we encourage you to change your password and monitor your account activity for suspicious transactions. We also recommend visiting the company's official website to obtain reliable contact information. Fraudsters often take advantage of news such as data breaches to gain trust through similar phishing emails and phone calls.
Additionally, the Federal Trade Commission has announced that national credit bureaus such as Equifax, Experian, and TransUnion offer free credit freezes that consumers can place to protect themselves from identity theft and other malicious activity. It points out that it offers fraud alerts.
___
AP reporter Matt O'Brien contributed to this report from Providence, Rhode Island.
