AT&T data leak from 73 million customers; what you need to do next

Cybersecurity alert: How affected customers can take protective action for their personal data leaked online

What was reason for AT&T's nationwide cellular outage?

Media and technology attorney Matthew Bilinsky weighs in on AT&T’s cellular outage and Google’s Gemini AI tool on "Fox News @ Night."

Millions of AT&T customers could be at risk of having their data exposed after the carrier confirmed user data was published on the dark web. 

More than 73 million current and former customers now have information like their Social Security number, address and more out in the open.

According to AT&T, the leak was published two weeks ago. So far, all the data is from 2019 or earlier. It includes information from 7.6 million current users and a whopping 65.4 million former customers. AT&T is investigating and says it's still unclear if the data comes from the company or a third party.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

AT&T data breach 1

Security expert working on laptop (AT&T)

What information was involved? 

According to the company’s website, "The information varied by customer and account but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number, and passcode."

How do you know if you are affected by the data leak?

The company is contacting current and former customers whose data has been leaked and resetting passwords for current users. Customers affected by this security breach can expect to receive a direct communication from AT&T via email or letter regarding the incident.

AT&T REVEALS DATA BREACH AFFECTING 9 MILLION WIRELESS ACCOUNTS

What action is AT&T taking?

In addition to these notifications, AT&T has already reset the passcodes for current users.

AT&T discovered the information in a specific data set on the dark web. The company is still combing through the set but released this statement:

"AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. We encourage current and former customers with questions to visit www.att.com/accountsafety for more information."

AT&T data breach 2

Security icon on a computer (Kurt "CyberGuy" Knutsson)

MORE: BEWARE OF ENCRYPTED PDFs AS LATEST TRICK TO DELIVER MALWARE TO YOU

How do I check if my information is on the dark web?

You can go to haveibeenpwned.com to check if your information was sold on the dark web. Just enter your email address into the search bar. The website will search to see your data and display if there were data breaches associated with your email address on various sites. You may have even received an email from the website already saying that some of your data was stolen. 

What to do if your information has been stolen?

So, what do you do if you are notified or discover that your info is on the haveibeenpwned.com site? You should take immediate action to minimize the damage. Here are some steps that you can follow:

Change your passwords

If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.

Enable two-factor authentication

You’ll want to activate two-factor authentication for an extra layer of security.

AT&T DATA breach 3

Illustration of data on a computer (Kurt "CyberGuy" Knutsson)

MORE: 26 BILLION REASONS TO PROTECT YOURSELF AFTER MASSIVE DATA LEAK IS EXPOSED

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.

You should also contact one of the three major credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. You can even freeze your credit, if need be.

Use identity theft protection

Identity Theft protection companies can monitor personal information like your home title, Social Security Number, phone number and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

MORE: WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

Kurt's key takeaways

It's important to note that this is still a fluid situation. AT&T has said it is actively investigating and gathering information. However, we can take away some concrete lessons. You should do everything you can to lock up your data. That means using unique passwords, password managers and two-factor authentication to stay safe. Some of these lessons are simple, too, like never reusing passwords.

This also shows that your data can end up in some pretty scary places. The dark web is the internet's Wild West, and you never know who could be accessing your information.

Are you worried about your information being exposed on the dark web? What more can companies do to make sure your data stays off of it? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Authored by Kurt Knutsson, Cyberguy Report via FoxNews April 2nd 2024