Last Updated on April 12

On Saturday March 30^th, AT&T — the largest telecoms company in the USA — announced that a giant data set of customer personal information was leaked onto the dark web. In total, 73 million individuals have been affected: 7.6 million are current customers, while the vast majority, 65.4 million, are former customers. Fortunately, financial information and call history are reported to not be included, yet the data set is believed to include other highly sensitive information such as:

• Social Security numbers
• Full names
• Dates of birth
• Passcodes (PINS)
• Email addresses
• Postal addresses
• Customer numbers

AT&T Data Breach: What Happened? Am I Affected?

It is believed the data comes from 2019 and earlier — presumably that’s why there are so many former customers. AT&T stated on Saturday that they don’t know whether the data leak “originated from AT&T or one of its vendors”. The data set was published on a well-known cybercrime forum on the dark web, and appears to be connected to a security event way back in August 2021.

Back then, a hacker claimed to have stolen the personal information of around 70 million customers. At the time, AT&T denied the data came from them or that they had suffered a breach, while the hacker only published a small sample — making it difficult to verify the large numbers and PII claimed. Based on these facts, it appears likely that that original security incident has come back to haunt AT&T and its many customers. No one, including AT&T, seems to have any idea where the leaked data came from. But it is legit, and should be taken seriously — for example, by updating passcodes and passwords, and paying attention to correspondence from AT&T. In their words:

“Our internal teams are working with external cybersecurity experts to analyze the situation […] We are reaching out to all 7.6M impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information.”

AT&T Notifies Regulators [04/12 Update]

As of 04/10, AT&T has started notifying relevant authorities about the security breach. They have also confirmed the authenticity of exposed customer records. In a mandatory disclosure to attorney generals in Maine, California, and elsewhere, AT&T confirmed they have sent notifications to over 51 million individuals regarding the compromise of their personal information. This figure appears to be the true total: i.e., the 73 million, minus duplicates and duds. The final number of affected current customers appears to be slightly higher: 7.9 million rather than 7.6.

Under state data breach notification laws, companies are obligated to disclose breaches involving large numbers of people to US attorneys general. In their notifications, AT&T stated they are providing identity theft and credit monitoring services to affected customers. As of now, AT&T has not yet determined the source of the leak.

What Is an AT&T Passcode and How Do You Reset It?

An AT&T passcode is typically a four-digit numerical PIN. Distinct from a password, it’s necessary for tasks such as completing an AT&T installation, conducting account activities over the phone, or reaching out to technical support via phone. AT&T stated that it has already reset the passcodes for active accounts affected by the breach. However, as a precautionary measure, they recommend changing your passcode if you haven’t done so in the past year. Here’s how you can change your passcode:

1. Go to your my AT&T Profile.
2. Sign in if prompted. (If you have additional security measures enabled and are unable to sign in, AT&T advises selecting “Get a new passcode.”)
3. Scroll to “My linked accounts.”
4. Click “Edit” for the passcode you wish to update.
5. Follow the prompts to complete the process.

Four Top Tips to Stay Safe

1. Change your passwords for the impacted sites. You should change your passwords frequently for all accounts. Make sure your passwords are strong and not easily discovered. 
2. Turn on multi-factor or two-factor authentication for those accounts if you haven’t done it already.  Not sure how to get started? Here are some tips.
3. See if your data has already been leaked.  Trend Micro offers a free service to check if your personal information is circulating on the dark web. Give it a go here!
4. Stay alert. When big data breaches occur, it usually coincides with increased cybercriminal activity. Be on the lookout for an increase in phishing attacks. When in doubt, don’t click links or reply!

Protecting Your Identity and Personal Info

Trend Micro is here to have your back in 2024. We would encourage readers to head over to our new ID Protection platform, which has been designed to meet the security and privacy threats we now all face.

With ID Protection, you can:

1. Check to see if your data (email, number, password, credit card) has been exposed in a leak, or is up for grabs on the dark web;
2. Secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personalized report;
3. Create the strongest tough-to-hack password suggestions from our advanced AI (they’ll be safely stored in your Vault);
4. Enjoy a safer browsing experience, as Trend Micro checks websites and prevents trackers.
5. Receive comprehensive remediation and insurance services, with 24/7 support.

Offering both free and paid services, ID Protection will ensure you have the best safeguards in place, with 24/7 support available to you through one of the world’s leading cybersecurity companies. Trend Micro is trusted by 8 of the top 10 Fortune 500 Companies — and we’ll have your back, too.

Why not give it a go today? As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below. Here’s to a secure 2024!