It’s New York City. The theft of private data from millions of current and past AT&T customers was recently found online, the phone company said over the weekend.
When AT&T T, +0.28% talked about the data breach on Saturday, they said that a dataset they found on the “dark web” has information on about 7.6 million current account holders and 65.4 million past account holders, such as some Social Security numbers and passcodes.
“Whether the data “originated from AT&T or one of its vendors” is still unknown, the Dallas-based company said, adding that it had begun a review into what happened. AT&T has also started to tell customers whose personal information was stolen.
What kind of Information was Lost or Stolen?
AT&T says that the information that was stolen varied by customer and account, but it included Social Security numbers and passcodes, which are numerical PINS that are usually four characters long.
People may have also had their full names, email addresses, physical addresses, phone numbers, dates of birth, and AT&T account numbers stolen. The hurt data is from 2019 or earlier, and the company said it doesn’t seem to include cash data or call logs.
How to find out if you were hurt
The people who were affected by this breach should be getting an email or letter from AT&T about it. An AT&T representative told the Associated Press that the emails started going out on Saturday.
AT&T, what have you done?
AT&T said that in addition to these messages, it had already reset the passcodes of people who already had accounts. The company also said that it would pay for credit tracking services if they were needed.
Also, AT&T said it “launched a robust investigation” with both internal and external cybersecurity experts to look into the matter further.
Has AT&T seen breaches like this before?
Over the years, AT&T has had a number of data breaches that have been different in size and effect.
The latest breach’s data was found on a hacking forum almost two weeks ago, according to AT&T. However, cybersecurity researcher Troy Hunt told the AP on Saturday that it looks a lot like a breach that happened in 2021 but that AT&T never mentioned.
If they look into this and decide they made the wrong decision, and years have gone by without them being able to tell customers who were affected, Hunt, founder of an Australian website that lets people know when their personal information has been leaked, said, “It’s likely that the company will soon be hit with class action lawsuits.”
When asked about these similarities on Sunday, an AT&T spokesperson refused to say anything else.
How to keep yourself safe from now on
In our increasingly digital world, it can be hard to completely avoid data breaches. However, users can take some steps to help protect themselves going forward.
Making passwords that are hard to guess and using multifactor security when you can are some of the basics. If you get a warning about a breach, you should change your password and keep an eye on your account to see if there are any strange transactions. For reliable contact information, you should also check out a company’s website. Scammers will sometimes use news stories like data leaks to get your trust through fake emails or phone calls that look like the real company.
The Federal Trade Commission also says that Equifax, Experian, and TransUnion, three national credit bureaus, offer free credit freezes and fraud alerts that people can set up to help protect themselves from identity theft and other bad things.