By WYATTE GRANTHAM-PHILIPS AP Business Reporter
NEW YORK — AT&T revealed that sensitive information belonging to millions of current and former customers has been discovered online. This includes Social Security numbers and passcodes for about 7.6 million current account holders and 65.4 million former account holders.
In a Saturday announcement addressing the data breach, AT&T said a dataset found on the “dark web” contains the compromised information. The company has begun an investigation into the incident and is notifying affected customers.
Whether the data “originated from AT&T or one of its vendors” is still unknown, the company noted. AT&T has also begun notifying customers whose personal information was exposed.
Here’s what you need to know.
WHAT INFORMATION WAS COMPROMISED?
AT&T said that the breached information included Social Security numbers and passcodes, as well as full names, email addresses, mailing addresses, phone numbers, dates of birth, and AT&T account numbers.
The affected data is from 2019 or earlier and does not seem to include financial information or call history, according to the company.
HOW DO I KNOW IF I WAS AFFECTED?
Consumers impacted by this breach should receive communication directly from AT&T about the incident. The company has already initiated resetting the passcodes of current users and will provide credit monitoring services where applicable.
WHAT ACTION HAS AT&T TAKEN?
In addition to notifications, AT&T has launched an extensive investigation with internal and external cybersecurity experts.
AT&T also mentioned that it had reset the passcodes of current users and would cover credit monitoring services if necessary.
HAS AT&T SEEN DATA BREACHES LIKE THIS BEFORE?
AT&T has experienced various data breaches of different sizes and impacts over the years.
While the company disclosed that the data in this recent breach surfaced nearly two weeks ago, cybersecurity researcher Troy Hunt stated that it closely resembles a similar breach from 2021. AT&T allegedly did not acknowledge this breach.
Troy Hunt, the founder of a website that alerts individuals about exposed personal information, warned that if AT&T failed to notify affected customers due to an incorrect assessment, the company might face class action lawsuits.
AT&T declined to comment further when asked about these similarities Sunday.
HOW CAN I PROTECT MYSELF?
Fully avoiding data breaches in our digital world is challenging, but consumers can take steps to protect themselves. This includes creating strong passwords, using multi-factor authentication, changing passwords when notified about a breach, monitoring account activity, and being cautious of phishing emails or calls.
It's important to use complex passwords and enable multi-factor authentication when possible. If you receive a breach notice, change your password and monitor account activity for any unusual transactions. Also, verify contact information directly from the company's official website to avoid falling for phishing attempts.
Additionally, the Federal Trade Commission states that major credit reporting agencies like Equifax, Experian, and TransUnion provide costless credit freezes and fraud alerts that individuals can establish to safeguard against identity theft and other harmful actions.
