NEW YORK — The theft of sensitive information worth millions of AT&T’s current and former customers were recently discovered online, the telecommunications giant said this weekend.
In a Saturday announcement about the data breach, AT&T said a dataset found on the “dark web” contains information including some Social Security numbers and access codes for about 7.6 million current account holders and 65.4 million former account holders.
Whether the data “comes from AT&T or any of its suppliers” is still unknown, the Dallas-based company noted, adding that it had launched an investigation into the incident. AT&T has also started notifying customers whose personal data has been compromised.
Here’s what you need to know.
Although this varies by customer and account, AT&T says the information involved in this breach included Social Security numbers and passcodes – which, unlike passwords, are numeric PINs typically consisting of four digits.
Full names, email addresses, postal address, telephone numbers, dates of birth and AT&T-account numbers may also have been compromised. The affected data is from 2019 or earlier and does not appear to contain any financial information or call history, the company said.
Consumers affected by this breach should receive an email or letter directly from AT&T about the incident. The emails started going out on Saturday, an AT&T spokesperson confirmed this to The Associated Press.
In addition to these reports, AT&T said it had already reset the current users’ passcodes. The company added that it would pay for credit monitoring services where appropriate.
BEE&T also said it has “initiated a robust investigation” with internal and external cybersecurity experts to further investigate the situation.
BEE&T has seen several data breaches over the years that vary in size and impact.
While the company says details of this latest breach surfaced on a hacking forum almost two weeks ago, it is very similar to a similar breach that surfaced in 2021, but which AT&I never acknowledged it, cybersecurity researcher Troy Hunt told the AP on Saturday.
“If they review this and made the wrong decision, and we’ve gone several years without them being able to notify affected customers,” then it’s likely the company will soon face a class action lawsuits, says Hunt, founder of an Australia-based website that alerts people when their personal information has been exposed.
A spokesperson for AT&T declined to comment further when asked about these agreements on Sunday.
Completely avoiding data breaches can be difficult in our increasingly digitalized world, but consumers can take some steps to protect themselves in the future.
The basics include making passwords hard to guess and using multi-factor authentication whenever possible. If you receive a breach notification, it’s a good idea to change your password and monitor account activity for suspicious transactions. You’ll also want to visit a company’s official website for reliable contact information. Scammers sometimes try to take advantage of news such as data breaches to gain your trust through similar-looking phishing emails or phone calls.
Additionally, the Federal Trade Commission notes that nationwide credit bureaus – such as Equifax, Experian and TransUnion – offer free credit freezes and fraud alerts that consumers can set to help protect themselves from identity theft and other malicious activity.
___
AP reporter Matt O’Brien contributed to this report from Providence, Rhode Island.
