Data From 73 Million AT&T Accounts Stolen: How You Can Protect Yourself

AT&T mentioned hackers have stolen the non-public data of 73 million present and former clients. The information, together with Social Security numbers, seems to be from 2019 or earlier, AT&T mentioned in an announcement, and contains account data for about 7.6 million present account holders and 65.4 million former clients.

The leak first got here to mild in 2021, when hackers claimed they’d stolen buyer information from AT&T and would put the knowledge up on the market. Fast-forward to March 2024, the stolen private data was found on the darkish net, in line with Troy Hunt, creator of Have I Been Pwned. 

In response, AT&T mentioned it has contacted the 7.6 million present clients and has reset their passcodes. Whether you are within the smaller set of present clients or the bigger group of former account holders who suppose their information has been stolen within the breach, you possibly can take steps to probably reduce the injury of the breach. Read on for what you are able to do. AT&T did not instantly reply to CNET’s request for remark. 

For extra, this is our picks for the most effective id theft safety and monitoring providers and the way Consumer Report’s permission slip may also help you’re taking management of your on-line information. 

What to know concerning the AT&T information leak

AT&T on March 30 mentioned that private data of 73 million present and former clients was leaked in mid-March to the darkish net. The firm mentioned the stolen data seems to be from 2019 or earlier, and it doesn’t know if the knowledge got here from AT&T or one among its distributors. 

What private data was stolen within the AT&T breach?

According to AT&T, which buyer and account information was stolen might differ by account, however thieves had entry to clients’ full identify, e mail handle, mailing handle, telephone quantity, Social Security quantity, date of delivery, AT&T account quantity and passcode. AT&T mentioned the knowledge would not seem to comprise private monetary data or name historical past.

What is an AT&T passcode?

A buyer’s passcode is basically a numerical PIN and is normally 4 digits. A passcode is totally different from a password and is required to finish an AT&T set up, carry out private account capabilities by telephone or contact technical help by telephone, AT&T mentioned.

How to reset your AT&T passcode

AT&T mentioned it has already reset the passcodes for these lively accounts the place information was stolen however recommends if you have not modified your passcode prior to now yr, you need to change yours as a precaution. Here’s how you can change your AT&T passcode.

1. Head to your myAT&T Profile. Sign in, if requested. (If you’ve got further safety enabled and might’t sign up, AT&T says, select Get a brand new passcode)
2. Scroll to My linked accounts
3. Select Edit for the passcode you wish to replace
4. Follow the prompts to complete up

Where are you able to examine in case you are a part of the AT&T breach

AT&T mentioned it can e mail or mail a letter to the 7.6 million present clients whose information was stolen, explaining the incident, what data was compromised and what it’s doing in response. The firm mentioned it has reset passcodes for affected present clients. The firm mentioned it’s also speaking with the 65.4 million former account holders whose information was stolen.

You do not have to attend for AT&T to contact you, nonetheless. Using Have I Been Pwned, you possibly can examine whether or not your information has been leaked. If you retailer your password data in a Google account, the corporate’s Password Checkup instrument can warn you in case your account data has been uncovered. And the premium model of our favourite password supervisor, Bitwarden, can examine for stolen passwords on the net. 

Changing your passcode and password, if AT&T hasn’t contacted you, may also help safe your account.

How to observe your credit score report for fraud

If you suppose your private data was a part of the AT&T breach, you possibly can watch your credit score reviews for indicators of potential fraud. 

Monitor your credit score reviews. You get one free credit score report a yr from the three main credit score bureaus: Equifax, Experian and TransUnion. On your report, search for uncommon or unfamiliar exercise, similar to the looks of recent accounts you did not open. And watch your bank card accounts and financial institution statements for sudden prices and funds.

Sign up for a credit score monitoring service. Pick a credit score monitoring service that continually screens your credit score report on main credit score bureaus and alerts when it detects uncommon exercise. To assist with the monitoring, you possibly can set fraud alerts that notify you if somebody is attempting to make use of your id to create credit score. A credit-reporting service like LifeLock can begin at $7.50 a month — or you possibly can use a free service just like the one from Credit Karma. 

What to do should you suspect you are a sufferer of fraud or id theft

As quickly as you observed your private data has been stolen, take motion to cease unauthorized prices and begin to get better your id.

Place a fraud alert. If you observed fraud, place a fraud alert with every of the credit score reporting corporations: Equifax, Experian and TransUnion. The alert notifies collectors that you’ve got been a sufferer of fraud and lets them know to confirm with you new credit score requests in your identify. You can place an preliminary fraud alert, which stays in your credit score report for 90 days, or an prolonged fraud alert, which stays in your credit score report for seven years. Placing a fraud alert will not have an effect on your credit score rating. 

Contact fraud departments. For every enterprise and bank card firm the place you suppose an account was opened or charged with out your data, contact its fraud division. While you are not accountable for fraudulent prices to an account, it’s essential report the suspicious exercise promptly.

Freeze your credit score. If you wish to cease anybody from opening credit score and requesting loans and providers in your identify with out your permission, you possibly can freeze your credit score. You might want to request a freeze with every of the three credit score reporting corporations, which once more are Equifax, Experian and TransUnion. To apply for brand new credit score, it’s essential unfreeze your credit score, once more, by way of every of the credit score reporting corporations. You can both request a brief raise of the freeze or unfreeze it completely.

Create a restoration plan. The Federal Trade Commission has a invaluable instrument that helps you report id theft and get better your id by way of a private restoration plan and Identity Theft Report, which you should utilize to dispute prices.

Document every little thing. Keep copies of all paperwork and bills and information of your conversations concerning the theft.

For extra, listed below are our favourite password managers and the finest VPN providers.