What you should do after massive AT&T data breach

AT&T has had a rough year. Back in February, customers experienced a massive network outage that lasted about 12 hours. This month, another round of bad news came from the company: AT&T suffered a massive data breach that affected more than 70 million customers (7.6 million current customers and 65.4 million former customers). The data found its way onto the dark web, a popular destination for bad actors to sell stolen data and information, and the company doesn't know exactly whether the breach occurred through AT&T itself or a third-party vendor.

What AT&T information was exposed in the data breach?

AT&T only directly tells customers which of their information was compromised, so we don't know the exact details of what was leaked onto the dark web. However, the company says this information "varies by customer and account" and may include your full name, birthday, email address, mailing address, phone number and Social Security number in addition to your AT&T account number and password . Some data is obviously more sensitive than others, so not everyone will have the same experience.

However, whatever information was stolen may not have been recent. AT&T said the data set is from 2019 and earlier, so it does not appear to include any information generated within the past four to five years. Of course, people don't change their Social Security numbers that often, but if you move or change your email address, hackers may have outdated information.

If you are one of the affected customers, AT&T will contact you directly via email or letter to let you know what data was compromised. Hackers claim to have leaked a similar data set back in August 2021; at the time, the data set was only partially released, so it's unclear whether the data is actually legitimate. AT&T says the incidents are not related.

What should I do if my AT&T data is compromised?

AT&T is proactively resetting active customers' passwords (the four-digit PIN you use to authenticate yourself to the company) regardless of whether they were affected by the breach. The first thing you should do is add new code of your own creation. To do this, log into your myAT&T profile, click Get New Password , go to My Linked Accounts , select Edit for the password you want to update, and follow the on-screen instructions.

This might also be a good time to change your password. If you haven't done so already, setting up two-factor authentication for your account can help prevent a breach if someone steals your password, since you'll need access to a trusted device to verify your identity. AT&T also recommends setting up a fraud alert through credit bureaus such as Equifax, Experian and TransUnion, as stolen Social Security numbers can be used for identity theft. While the services are free, the company is offering free identity theft and credit monitoring services to all affected users, so keep an eye out for setup instructions in your email or letter from AT&T.