Victim of AT&T data breach? Here’s what you need to do

Malicious actors have been very busy these past months, flooding breach forums and underground marketplaces with millions of stolen records.

Most recently,  hackers have leaked a trove of data belonging to 73 million former and current customers of telecommunications giant AT&T on the infamous Breached forum.

The data, posted March 17, includes personally identifiable information of 7.6 million current AT&T account holders and 65.4 million former account holders, including names, addresses, phone numbers and, in some cases, even Social Security numbers and dates of birth. Threat actors also leaked security passcodes for a subset of 7.6 million customers.

AT&T confirmed the allegations on the dark web forum in a statement. However, it has yet to determine whether the data was exfiltrated directly from AT&T systems or one of its vendors.

“AT&T* has determined that AT&T data-specific fields were contained in a data set released on the dark web approximately two weeks ago,” the telecom company said. “While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors. With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.”

According to its ongoing investigation, AT&T says the leaked info does not include any of their customers' financial information or call history.

Are you a victim?

Data breaches take place daily, and many victims get overwhelmed, unable to fully understand the aftermath of a security incident and the identity or financial risks that follow.

Here’s what you can do to protect your identity and wallet:

Start by finding out what type of information was exposed

If you’ve already received a data breach notification email or letter from AT&T, read it closely to determine what data was involved and how it can impact your wellbeing. Remember, compromised information can vary. If you are unsure or have questions, contact AT&T via official channels only.

Note: Unless specified on legitimate channels, AT&T will not contact victims of the data breach via phone or text. So be extremely skeptical of unsolicited phone calls from individuals who claim to be company employees, as they may be phishing for more sensitive information.

Additionally, Bitdefender’s dedicated identity protection service can help you check if your information has been exposed to data breaches throughout the years.

Change your AT&T passcode

As stated earlier, the telecom company has confirmed that passcodes for 7.6 million customers were compromised.

As a proactive measure to ensure the security of AT&T accounts, the company has reset passcodes (four-digit PINs) for all impacted customers and urges all users who haven’t changed them in the past year to do so now:

1.     Go to your myAT&T Profile. Sign in, if asked. (If you have extra security enabled and can't sign in, choose Get a new passcode).

2.     Scroll to My linked accounts.

3.     Select Edit for the passcode you want to update.

4.     Follow the prompts to finish up.

Important: Remember not to use character combinations from your previously used passcodes.

Freeze your credit and monitor financial accounts closely, if your SSN was leaked

A credit freeze prevents creditors and unauthorized parties, including identity thieves, from viewing and accessing your credit report. You can also set up free fraud alerts on all three credit bureaus: Equifax, Experian and TransUnion.

Don’t forget to enroll in the complimentary identity theft and credit monitoring services offered by AT&T. All the information should be provided in the data breach letter you received.

Get ready for incoming scams and phishing attempts

Becoming a target for scammers and phishing is inevitable in the aftermath of a breach. And this is where your vigilance and proactive measures need to shine.

Since the leaked data included contact information for most AT&T customers, you should expect a significant increase in unsolicited correspondence via email, text and phone calls.

Monitor all incoming correspondence closely and never follow through with unsolicited requests for personal information, passwords or any other sensitive information. Whenever in doubt, contact the company, online platform, or service provider directly (not using the contact information from the email or message).

If you spot a fraud or phishing attempt, immediately report it to your provider or financial institution.

Here’s how Bitdefender can help:

It’s only a matter of time before you receive a seemingly inconspicuous message that can impact your security and finances. Bitdefender security solutions offer a comprehensive list of scam prevention and fraud-thwarting services that can significantly improve your digital safety and protect your identity, including:

Award-winning and multi-layered online protection features:

• Web Protection  alongside anti-phishing and anti-fraud technologies that detect and block fraudulent websites from stealing your information, credentials, and credit cards
• Email Protection features that help you outsmart fraudsters and internet crooks (Gmail & Outlook)

A dedicated scam-fighting armory with:

• Scam Alert features that notify you in real-time whether a message you receive via text, messaging apps, or any other mobile notification is a scam (iOS and Android)
• Scamio, our next-gen AI chatbot, is available 24/7 and allows you to check if any unsolicited message you receive is a potential scam or fraud attempt. Type, upload an image or screenshot, copy and paste links and texts, or even send Scamio a suspicious QR code to get a safe or not-safe verdict immediately.

Last but not least, you can take ownership of the digital you, and stay on data security incidents with our dedicated Digital Identity Protection service that combines numerous prevention layers to mitigate potential risks to your identity due to data breaches and leaks.

You can immediately identify your breach history, scan criminal marketplaces and publicly available databases for your exposed information, get real-time alerts of new data breaches, and even minimize your digital footprint by discovering dormant online accounts.

You will also be able to fully understand your data-breach risk with in-depth explanations of how every individual security incident can directly affect your well-being and receive clear and concise one-click actions to limit potential damages.

You can find all these features and more in our all-in-one security solutions here.