If you're one of the 73 million current or former AT&T customers affected by a recent data breach, you have the right to be concerned. The breach, orchestrated by the hacking group ShinyHunters, exposed sensitive information such as your Social Security number, full name, date of birth, email address, physical address, phone number, and passcode.
AT&T has finally acknowledged the breach after initially denying that the stolen data originated from their systems. The company has notified current customers via email and forced a passcode reset for those affected. The breach, which appears to have occurred in 2019 or earlier, has impacted 7.6 million current customers and a staggering 65.4 million former account holders. If you're a former customer, you may be left wondering if your information is still at risk and what steps you can take to protect yourself.
Details of the breach
The compromised data in the AT&T breach includes a wide range of sensitive personal information, such as Social Security numbers, full names, dates of birth, email addresses, physical addresses, phone numbers, and passcodes. The inclusion of passcodes in the stolen data is particularly concerning, as they serve as a second layer of security for AT&T accounts.
With access to these passcodes, hackers could more easily perform SIM-swapping attacks. These attacks allow hackers to take control of a victim's phone number and use it to bypass two-factor authentication on various online accounts. This type of attack can have severe consequences, as it may enable hackers to gain unauthorized access to a victim's email, social media, or even financial accounts.
Read more: How to Tell if Your Phone Has Been Cloned
How to protect yourself
Here are my recommendations for steps you should take if you've been affected by the AT&T data breach.
1. Change your AT&T password and passcode
If you're a current AT&T customer, change your account password and passcode immediately. Make sure to choose strong, unique passwords and avoid reusing them across different accounts.
Read more: How to Avoid Terrible Passwords
2. Update passwords for other accounts
If you've used the same password for your AT&T account on other online accounts, change those passwords as well. It's crucial to use unique passwords for each account to minimize the risk of a single breach compromising multiple accounts. I recommend using a reputable password manager like 1Password or Dashlane to generate and store strong, unique passwords for all your accounts. This helps you maintain good password hygiene without the need to remember multiple complex passwords.
3. Monitor your credit report and consider freezing your credit
Regularly review your credit reports from the three major credit bureaus - Equifax, Experian, and TransUnion - to identify any suspicious activity or unauthorized accounts opened in your name. You can request a free credit report from each bureau once a year at AnnualCreditReport.com. Additionally, consider placing a credit freeze, which prevents new accounts from being opened in your name, making it more difficult for identity thieves to exploit your stolen information. Contact each credit bureau individually to set up a freeze on your credit files.
Read more: The Best Way to Prevent Identity Theft: Add a Credit Freeze or Fraud Alert
4. Enable two-factor authentication
Whenever possible, enable two-factor authentication on your online accounts to add an extra layer of security. This typically involves entering a code sent to your phone or email in addition to your password when logging in.
Read more: How to Protect Your Accounts with Two-Factor Authentication
Legal action underway
While the situation is undoubtedly distressing, there may be some recompense on the horizon. A class action lawsuit has been filed against AT&T, alleging that the company failed to adequately safeguard sensitive customer data and shared information with a vendor lacking sufficient cybersecurity protections. The lawsuit seeks compensation for affected customers, which may include reimbursement for financial losses and time spent dealing with the aftermath of the breach.
If successful, the lawsuit could send a strong message to AT&T and other companies about the importance of prioritizing customer data protection. However, class action lawsuits can take time to resolve, and not all affected customers may be eligible for compensation.
Final thoughts
The AT&T data breach is a stark reminder of the importance of prioritizing data security. It's clear that companies must prioritize data security and invest in better cybersecurity measures to safeguard customer information. However, as a consumer, you also have a pivotal role to play in protecting your personal data. Stay informed, take action, and hold companies accountable for their handling of your sensitive information.
[Image credit: AT&T data security concept generated by OpenAI's DALL·E]
For the past 20+ years, Techlicious founder Suzanne Kantra has been exploring and writing about the world’s most exciting and important science and technology issues. Prior to Techlicious, Suzanne was the Technology Editor for Martha Stewart Living Omnimedia and the Senior Technology Editor for Popular Science. Suzanne has been featured on CNN, CBS, and NBC.
