Telecommunications giant AT&T confirmed that it recently suffered a massive data breach that exposed personal information on tens of millions of current and former customers.
Over the Easter weekend, AT&T verified that sensitive data belonging to 73 million people had been leaked to the dark web after years of rumors that a hacker had stolen large amounts of AT&T customer data. The information includes Social Security numbers and account access codes; Full names, email addresses, home addresses and more may also have been leaked.
“The data set appears to date back to 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” the company said in a statement released Saturday on its website. “The company is proactively communicating with affected individuals and will offer credit monitoring at our expense where applicable.”
AT&T says it has reset the access codes of affected customers’ accounts. Passcodes are separate from passwords and are typically four digits long. They can be used to log in to an AT&T account in place of a full password.
AT&T stock prices fell about 2.5% Monday morning to a low of $17.16 as markets opened from the holiday weekend, but had largely recovered as of Tuesday afternoon.
AT&T Data Breach: What Happened This Time?
According to TechCrunch, which broke the news and alerted AT&T to the breach, a hacker posted the entire data set on a dark web forum last month.
The original breach appears to have occurred in 2021 or earlier. The hacker who claimed responsibility for the breach previously posted a small portion of the stolen data on the same forum in 2021, but AT&T did not publicly acknowledge the breach until Saturday.
This isn’t the first data breach AT&T has dealt with. The Associated Press reports that the telecommunications company has suffered several breaches over the years, including one in 2014 in which a rogue employee accessed the personal data of about 1,600 customers.
Who was affected by the AT&T data breach?
In total, approximately 73 million people’s information was leaked onto the dark web in connection with the AT&T data breach. This includes sensitive information such as Social Security numbers, addresses and account information of 7.6 million current AT&T customers and more than 65 million former customers, the company confirmed.
How to know if your information has been leaked
As of now, the best way to know if your information has been leaked is to wait for AT&T to contact you.
“If your information has been affected, you will receive an email or letter from us explaining the incident, what information has been compromised, and what we are doing for you in response,” the company said on its website .
The company said it will provide free credit monitoring services to at least some of the people affected by the leak. Typically, credit monitoring services help people deal with identity theft by automatically sending alerts about changes to their credit report, credit score, or other suspicious activity.
How to protect your identity and your sensitive data
Identity theft has been a widespread problem in the United States for decades, and it has gotten significantly worse since the pandemic. In 2019, the Federal Trade Commission received nearly 650,000 reports of identity theft. In 2023, that number has risen to more than 1 million, a 60% increase.
Even so, identity theft remains vastly underreported, according to Axton Betz-Hamilton, an identity theft expert and professor of consumer affairs at South Dakota State University.
He previously told Money that preventing and dealing with identity theft requires vigilance. Once your information is available on the dark web, as could happen with the AT&T data breach, it can be bought and sold forever.
Ideally, you should take steps to prevent identity theft in the first place, he said. This includes using strong, unique passwords and/or a password manager; never open emails from unknown senders or answer phone calls from unknown numbers; and keep your sensitive documents like Social Security cards and birth certificates in a bank safe deposit box (not at home).
One of the biggest strategies Betz-Hamilton recommends is to freeze your credit with the “big three” credit bureaus: Equifax, Experian and TransUnion. There is no cost to do this and it prevents anyone else from opening new credit accounts in your name. And when you need to open new lines of credit, you can temporarily unfreeze your credit to do so.
(To freeze your credit, you must contact each of the bureaus individually online or by phone or email and request them to do so. The bureaus will provide you with a PIN that you will need to unfreeze your credit when you need it.)
Finally, if you suspect your identity has been stolen, you should immediately pull your credit reports. (You can do this for free weekly at AnnualCreditReport.com.) Once you have them, review your financial statements to look for unknown charges or credit accounts opened in your name. If you see fraudulent accounts on your credit report, you can dispute them for free, and the bureaus are obligated to investigate.
You can also report identity theft directly to the Federal Trade Commission at IdentityTheft.gov.
More from Money:
Top 8 Identity Theft Protection Services of April 2024
10 warning signs of identity theft
The best virtual private network (VPN) services.