A massive data breach has exposed the personal information of some 73 million current and former AT&T customers, with personal information like full names and social security numbers now circulating on the dark web.
Telecom data breaches are commonplace today, affecting all major U.S. carriers. In 2020, the Federal Communications Commission (FCC) levied fines on AT&T, Sprint, T-Mobile and Verizon after they were found to have failed to protect customer location information. The FCC introduced additional measures in December 2023, requiring carriers to notify customers of data breaches sooner—a measure that the carriers opposed claiming that customers would be “deluged” with reports.
If you are a current or former AT&T customer, what can you do to protect yourself from risks like identity theft
and financial fraud? This guide helps you understand what happened and immediate steps you can take to
protect yourself.
Understanding the AT&T data breach
What happened?
AT&T acknowledged on March 30, 2024 that a large dataset of leaked personal information belongs to current and former customers. A hacker first claimed to have stolen this data in August 2021, but only recently published enough of it online for researchers to confirm its authenticity.
Personally identifiable information like full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, and AT&T account numbers and passcodes were compromised.
Are you impacted?
If you are a current or former customer of AT&T, you may have been affected. AT&T has said that the data appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and 65.4 million former account holders. The company has also said that it will be contacting affected customers by email or letter explaining the incident, what information was compromised, and what it is doing in response.
How has AT&T responded to the breach?
In 2021 and initially in mid-March 2024, AT&T said that the leaked data did not come from their systems. After independent researchers and customers confirmed that the data was authentic, the company reset account passcodes and acknowledged that “AT&T data-specific fields were contained in a data set.”
Protect yourself by taking these immediate steps
Whether or not you have been impacted by this latest data breach, we recommend taking immediate steps to safeguard your privacy and personal information:
Change your passwords and passcodes: Create strong, unique passwords for all your important accounts. Consider using a password manager to keep track of these passwords. A good password includes a mix of letters, numbers, and special characters and doesn’t contain information like your birth date or name.
Monitor your accounts: Look out for unauthorized transactions in your bank accounts, credit card statements, and any other financial accounts.
Set up fraud alerts: Contact the three major credit bureaus, Equifax, Experian, and TransUnion, to place a fraud alert on your credit reports. Creditors will be required to verify your identity before opening any new accounts in your name, providing an extra layer of protection.
Consider a credit freeze: This restricts access to your credit reports and prevents potential creditors from
viewing them. This measure is especially effective for thwarting attempts by identity thieves to open new accounts
in your name.
Stay vigilant against phishing attempts: Beware of emails, calls, or messages requesting personal information or directing you to suspicious websites. Cybercriminals often pose as legitimate businesses to steal more data.
Use two-factor authentication (2FA): This adds an additional layer of security by requiring a second method of verification on top of your password.
Review and update security questions: Choose questions that are not based on easily guessable or readily available information. Avoid questions with answers that remain static over time, like your mother’s maiden name.
By taking these steps, you can mitigate your risks of identity theft and fraud following a data breach. However, it’s also important to avoid sharing your information with platforms that are susceptible to frequent data breaches.
Many customers believe that the price of staying connected necessitates sharing their personal information. This is no longer true.
Mobile service with privacy and security
Cape provides cellular phone service, just like AT&T, Verizon, and T-Mobile, but does not collect personal information like names, social security numbers, and dates of birth. This data is not necessary for providing premium cellular service, with the same or better network coverage and reliability that you have today. We believe that staying connected should not cost you your privacy and security.
See how we’re changing the game:
Minimal personal information collection: Cape collects only what is absolutely necessary to provide you with premium wireless service. We do not require emails, mailing addresses, or birth dates. At Cape, your phone number is just a number, not a key to your life.
Secure passphrases over passcodes: Unlike traditional services that rely on four-digit passcodes, Cape uses a more robust system of secure passphrases, which are mathematically more challenging for attackers to crack. We also use modern, expert-vetted cryptography for account authentication. These measures provide enhanced protection against brute force attacks and other hacking techniques. Security questions, which are vulnerable to theft by hackers and social engineering tactics, are not used.
A commitment to not selling data: We will never sell your data. Period.
Privacy as a standard, not an option: Cape users enjoy the highest standards of privacy and security by default. We believe privacy is a fundamental right, not a privilege or an add-on. This belief is woven into the fabric of our business model and our service.
Cape your life
AT&T’s latest data breach places 73 million people at risk of identity theft, financial fraud, and other events that can take years to resolve. Taking steps like creating strong passwords and turning on two-factor authentication can help to reduce your risk.
To further protect yourself, you should avoid providing personal information in exchange for basic services.
With Cape, you can enjoy premium cellular service without giving away your sensitive data.