In one of the largest customer data breaches of its kind, AT&T reported on March 30 that personal data belonging to 73 million of its current and former customers appeared on the dark web about 2 weeks ago.
AT&T, the largest wireless carrier in the US, said that social security numbers, PINs, account numbers, full names, email addresses, mailing addresses, phone numbers, and dates of birth were among the data that appeared on a hacking forum. The compromised data points appeared to be different for each customer, but no financial information was included.
Former customers before 2019 made up the largest affected group, numbering about 65.4 million. Only about 7.6 million of AT&T’s 242 million existing subscribers had their personal information hacked.
AT&T says that it has already changed all the compromised PIN codes and that it will notify all past and current account holders affected by the breach, either by email or postal mail.
Cybersecurity experts advise that anyone receiving a notice saying their personal data has been compromised should immediately change their AT&T account password and monitor all their accounts for suspicious activity.
It’s also a good idea to set up free fraud alerts with all three of the nationwide credit bureaus, Equifax, Experian, and TransUnion. If you detect any malicious activity, you can ask all three credit bureaus to freeze your credit report so that identity thieves can’t create new accounts in your name. This is especially important in the AT&T data breach because many of the stolen data points were social security numbers.
AT&T said it “has launched a robust investigation supported by internal and external cybersecurity experts.” The company said it is still unknown whether the data breach “originated from AT&T or one of its vendors.”
An Australian cybersecurity researcher claims that AT&T was the victim of a similar data breach in 2021 but never informed its customers. If true, AT&T could be setting itself up for class-action lawsuits, according to the researcher.