Millions of AT&T customers saw their data containing sensitive information exposed online late last week. The breach appears to be related to a 2021 data breach, which AT&T denied at the time.
The breach first came to light in 2021, when hackers claimed to have stolen customer data from AT&T and put it up for sale. Later, some of the data purported to come from AT&T was made public, but no breaches were ever specifically confirmed. What's more, AT&T completely denied that this breach even occurred.
This news resurfaced late last week when a complete set of the same stolen data was allegedly leaked. The newly leaked data set included sensitive information such as Social Security numbers, home addresses, and names. Troy Hunt, creator of Have I Been Pwned?, his website where you can see if you were involved in a breach and what data was compromised, analyzes the leaked data in a blog post. did.
Hunt's post describes the technical aspects of the breach, but does not conclude where the data came from or who stole it. One thing is clear, though: Hunt feels he has “proved with sufficient confidence that the data is real and the impact is significant.”
At the end of the day, it doesn't matter where the leaked information came from. If your personal information is available for everyone to see, you'll want to do something about it. Here's what you need to know about the AT&T breach allegations and the next steps you should take if you discover your information has been compromised.
To learn more, check out our selection of the best services and methods for protecting and monitoring your identity theft. Consumer Report's permission slip helps you manage your online data.
AT&T did not immediately respond to CNET's request for comment.
What you need to know about the AT&T data breach allegations
AT&T denied the breach was first reported in 2021, and later in 2024, when the full set of potentially stolen data was posted online. I denied it again. This means we don't fully know where this data came from, but TechCrunch notes that reports from customers who have identified their data indicate that this data may be real. is showing.
The leaked data includes names, personal addresses, email addresses, phone numbers, dates of birth, and social security numbers.
The alleged breach includes the personal information of up to 73 million AT&T customers. However, the actual number of customers affected may be lower because some of this data may be repeated.
How to tell if your information was involved in a breach
At the time of publication, AT&T does not offer customers a way to confirm whether their data is involved in the alleged breach. Indeed, the company continues to deny that this breach came from AT&T in the first place.
That doesn't mean there's nothing you can do to help yourself. As mentioned above, Have I Been Pwned is an easy way to check if your data has been compromised. Users of the r/privacy subreddit are encouraged to stay aware of news regarding breaches in which they may be involved.
How to monitor your credit report for fraud
If you've been affected by an alleged breach, or are simply worried that you may have been, it doesn't hurt to keep an eye on your credit report for potential fraud. .
Monitor your credit report. You can get one free credit report per year from the three major credit bureaus: Equifax, Experian, and TransUnion. (Please note that Equifax is recovering from its own situation) data breach.) Look for unusual or unfamiliar activity in your reports, such as the appearance of new accounts that are not open. Also, keep an eye on your credit card accounts and bank statements for unexpected charges or payments.
Sign up for a credit monitoring service. please select credit monitoring service It constantly monitors your credit report from the major credit bureaus and alerts you when it detects unusual activity. To help you monitor, you can set up fraud alerts that notify you when someone tries to create trust using your identity.a Credit reporting services like LifeLock can cost between $10 and $30 per month –Alternatively, you can use free services such as: credit karma.
Look at this: It was too easy to find personal data on the dark web
What to do if you think you're a victim of fraud or identity theft
As soon as you suspect your identity has been stolen, you can take steps to stop fraudulent charges and begin recovering your identity.
Issue a fraud alert. If you suspect fraud, file a fraud alert with Equifax, Experian, and TransUnion credit reporting agencies. This alert notifies creditors that you are the victim of fraud and reminds them to check that you have made new credit requests in your name. You can set up an initial fraud alert that stays on your credit report for 90 days, or an extended fraud alert that stays on your credit report for 7 years. Issuing a fraud alert does not affect your credit score.
Please contact our fraud department. For each company and credit card company where you believe an account was opened or charged without your knowledge, please contact their fraud department. Although we are not responsible for unauthorized charges to your account, you should promptly report any suspicious activity.
Freeze your credit. If you want to prevent someone from opening credit or requesting loans or services in your name without your permission, you can freeze your credit. You will need to request a freeze from each of the three credit bureaus (also his Equifax, Experian, and TransUnion). To apply for new credit, you will need to unfreeze your credit again through each credit bureau. You can request a temporary unfreeze, or you can unfreeze permanently.
Document everything. Keep copies of all documents and expenses, as well as records of conversations about the theft.
Create a recovery plan. The Federal Trade Commission provides valuable tools to help you report identity theft and recover your personal information through a Personal Recovery Plan.