April 12, 2024

Data from 73 Million Stolen AT&T Accounts: How to Protect Yourself

AT&T said hackers stole the personal information of 73 million current and former customers. The data, including Social Security numbers, appears to be from 2019 or earlier, AT&T said in a statement, and includes account information for about 7.6 million current account holders and 65.4 million former customers.

The breach first came to light in 2021, when hackers claimed they had stolen AT&T customer data and were putting it up for sale. Fast forward to March 2024, the stolen personal information was discovered on the dark web, according to Troy Hunt, creator of Have I Been Pwned.

In response, AT&T said it has contacted its 7.6 million current customers and reset their passcodes. Whether you are among the smaller group of current customers or the larger group of former account holders who believe their information was stolen during the breach, you can take steps to potentially limit the damage from the breach. Read on to find out what you can do. AT&T did not immediately respond to CNET’s request for comment.

To learn more, here are our picks for the best identity theft protection and monitoring services, and how Consumer Report’s consent form can help you take control of your online data.

What you need to know about the AT&T data breach

AT&T said on March 30 that personal information of 73 million current and former customers was leaked to the dark web in mid-March. The company said the stolen information appears to be from 2019 or earlier, and does not know if the information came from AT&T or one of its suppliers.

What personal information was stolen in the AT&T breach?

According to AT&T, the stolen customer and account information may vary by account, but the thieves had access to the full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode. AT&T said the information does not appear to include personal financial information or call history.

What is an AT&T passcode?

A customer’s access code is essentially a numeric PIN and is usually four digits. A passcode is different from a password and is required to complete an AT&T installation, perform personal account functions by phone, or contact technical support by phone, according to AT&T.

How to reset your AT&T passcode

AT&T says it has already reset the passcodes for the active accounts where data was stolen, but advises that if you haven’t changed your passcode in the past year, you should change it as a precaution. Here’s how to change your AT&T passcode.

  1. Go to your myAT&T profile. Sign in when prompted. (If you have extra security enabled and can’t log in, AT&T says, choose Request a new access code)
  2. Scroll to My linked accounts
  3. Select Editing for the passcode you want to update
  4. Follow the directions to complete

Where to check if you’re part of the AT&T breach

AT&T said it will send an email or letter to the 7.6 million current customers whose data was stolen, explaining the incident, what information was compromised and what it is doing in response. The company said it has reset the passcodes for affected current customers. The company said it is also communicating with the 65.4 million former account holders whose data was stolen.

However, you don’t have to wait for AT&T to contact you. Have I Been Pwned allows you to check if your data has been leaked. If you save your password information in a Google Account, the company’s Password Checker tool can alert you if your account information has been exposed. And the premium version of our favorite password manager, Bitwarden, can check for stolen passwords on the Internet.

If AT&T hasn’t contacted you, changing your passcode and password can help secure your account.

How to check your credit report for fraud

If you think your personal information was part of AT&T’s breach, you can check your credit reports for signs of possible fraud.

Check your credit reports. You receive one free credit report per year from the three major credit bureaus: Equifax, Experian and TransUnion. Look in your report for unusual or unknown activity, such as the appearance of new accounts that you haven’t opened. And watch your credit card bills and bank statements for unexpected charges and payments.

Sign up for a credit monitoring service. Choose a credit monitoring service that continuously monitors your credit report from major credit bureaus and alerts you when it detects unusual activity. To help with monitoring, you can set up fraud alerts that alert you if someone tries to use your identity to obtain credit. A credit reporting service like LifeLock can start at $7.50 per month – or you can use a free service like that from Credit Karma.

What to do if you suspect you are a victim of fraud or identity theft

As soon as you suspect your personal information has been stolen, take action to stop unauthorized charges and discover your identity.

Post a fraud alert. If you suspect fraud, place a fraud alert with each of the credit reporting companies: Equifax, Experian, and TransUnion. The alert informs creditors that you have been a victim of fraud and lets them know that they can verify new credit applications in your name with you. You can place an initial fraud alert, which will remain on your credit report for 90 days, or an extended fraud alert, which will remain on your credit report for seven years. Placing a fraud alert will not affect your credit score.

Contact fraud departments. Contact the fraud department for any company or credit card company where you believe an account has been opened or charged without your knowledge. Although you are not responsible for fraudulent charges to an account, you should report suspicious activity immediately.

Freeze your credit. If you want to prevent someone from opening credit and applying for loans and services in your name without your permission, you can freeze your credit. You will need to request a freeze from each of the three credit reporting companies, again Equifax, Experian, and TransUnion. To apply for new credit, you must re-clear your credit through each of the credit reporting companies. You can request a temporary lifting of the freeze or a permanent lifting of it.

Make a recovery plan. The Federal Trade Commission has a valuable tool to help you report identity theft and restore your identity through a personalized recovery plan and an identity theft report, which you can use to dispute charges.

Document everything. Keep copies of all documents and expenses and records of your conversations about the theft.

For more information, here are our favorite password managers and the best VPN services.

Leave a Reply

Your email address will not be published. Required fields are marked *