Sensitive data linked to millions of current and former AT&T customers was leaked on the dark web, the company reported over the weekend.
A dataset containing information about 7.6 million AT&T account holders and 65.4 million former account holders appeared on a hacking forum nearly two weeks ago. Leaked data includes Social Security numbers, account passcodes, and possibly email addresses, mailing addresses, phone numbers, and birth dates, AT&T said Saturday, March 30.
The leaked data didn’t appear to include financial information or call history, according to the company.
How to know if your data has been leaked
AT&T is expected to contact all account holders affected by the data breach. The company said Saturday that it began reaching out to account holders whose sensitive personal information was compromised, according to the Associated Press.
Affected customers should receive an email or a mailed letter directly from AT&T. It wasn’t clear exactly when all letters and emails were expected to be sent by.
Officials said that the type of sensitive information included in the data breach varied by customer -- meaning that there weren’t necessarily 73 million SSNs leaked.
What should you do in the meantime?
AT&T said that it had already reset passcodes for current users. Passcodes are not the passwords to an account, but rather numerical PINS that are usually four digits. Still, it might be beneficial to reset your password.
If you’re looking to reach out to the company directly, be sure to only use the official contact information provided on AT&T’s website. Scammers use data breaches like this as an opportunity to step in and get your information while you may be in panic mode, so be careful who you give information to.
Click here to access AT&T’s support page for more specific help. Wireless phone customers can call AT&T’s customer service at 611 any time. Internet and home phone customers can call 800-288-2020.
If you think you’ve been affected by the breach, you can request a credit freeze. Nationwide credit bureaus like Equifax, Experian and TransUnion allow people to institute a free credit freeze and request fraud alerts.
Learn more about credit freezes and fraud alerts from the FTC here.
Another step you can take to better protect yourself and your information is to purchase a VPN, or a virtual private network, for your computers and/or phones. These private networks are meant to keep your activity and information secure.
Some VPN companies offer services that can directly detect if your information has been leaked on the dark web.
What is the dark web?
The dark web is part of the internet that can’t easily be accessed through your existing search browsers, like Google Chrome. This layer of the internet is intentionally hidden and can only be accessed through specific browsers, software, configurations and the like.
The dark web is largely associated with criminals, but they aren’t the only people -- or companies or groups -- to use it. There are legitimate uses of the space, as well.
The dark web is a platform where users can anonymously engage with restricted content, solicit products, make transactions, and more. Whether the use is legitimate or not, the benefit of the dark web is privacy and anonymity.
Where did the AT&T data breach happen?
AT&T said it was still unsure if the data that was leaked “originated from AT&T or one of its vendors.” The Dallas-based telecommunications company says it provides voice coverage in 220 countries and data coverage in more than 190 countries -- so it wasn’t entirely clear where customers were most affected.
---> AT&T says a data breach leaked millions of customers’ information online. Were you affected?
Why do data breaches happen? Are they getting worse?
A data breach is when someone (or someones) accesses sensitive consumer information without authorization to do so. That information may be shared or sold elsewhere.
With our world, information, and everyday tasks becoming more and more digitized, data breaches are happening more and more frequently. Several experts have said cyberattacks have risen significantly in recent years across the globe, especially in 2023.
In a study supported by Apple, Professor Stuart Madnick found that “data breaches are now at an all-time high” for organizations in the U.S.
“In just the first nine months of 2023, data breaches in the US ... already increased by nearly 20% compared to all of 2022 -- and organizations around the world have faced similar trends,” the study reads.
“These attacks are increasingly impactful because people are now living more of their lives online, meaning that corporations, governments, and other types of organizations collect more and more personal data -- sometimes with little choice from individuals. And because people’s most personal data can be exploited and sold for a significant profit, it’s become a growing target for cybercriminals.”
Another problem is a rise in ransomware gangs that break into a person’s, company’s, or institution’s computer system, take hold, and demand ransom for its return. Ransomware attackers can threaten to publish or block access to important information and files. Ransomware attacks may target individuals or large organizations, like hospitals or government offices.
Data breach examples from last year: