Whether you are a current subscriber or had an AT&T account in the past, your personal data could be part of a massive breach that according to a note from AT&T to customers impacts up to 73 million account holders (via WP).
The 7.6 million current subscribers involved in the breach have had their passcodes reset and should have received communication from AT&T already notifying them of the breach. The stolen data is all from 2019 or earlier and also includes 65.4 million former account holders. While according to AT&T there is no financial or call history information, it may include full names, email addresses, mailing addresses, Social Security numbers, date of birth, AT&T account numbers and passcodes.
Naturally, that is a recipe for identity theft, so all impacted account holders need to be aware of the situation and what to do from here.
What should you do?
If your data was part of the breach you can expect an email or letter from AT&T with additional details and your full options.
While you wait for that to arrive your first step should be to reset your passcode to avoid anyone gaining access to your account to steal additional information. Now to be clear this is your numerical PIN for your AT&T account, not your password.
Unfortunately, there isn’t much else you can do to proactively protect yourself against the breach as the data was released onto the dark web around two weeks ago.
What AT&T will offer those impacted is complimentary identity theft and credit monitoring services, hopefully allowing you to quickly catch any potentially damaging activities carried out using your information.
What happened?
It’s unclear at this point if AT&T is actually responsible for the lost data. The company claims that it has no “evidence of unauthorized access to its systems resulting in theft of the data set.”
It is entirely possible that a third party working with AT&T is to blame, but obviously, the end result is the same, so that’s cold comfort to account holders that now need to worry about identify theft.