Hackers stole six months' worth of records of nearly every AT&T cellular customer, the company said Friday, exposing the data of millions of Americans.
The massive security breach involved call and text records between May 1, 2022 and Oct. 31, 2022, as well as some records on Jan. 2, 2023, according to an internal company investigation. Customers of mobile virtual network operators using AT&T’s wireless network, as well as landline customers who contacted those cellular numbers, were also impacted.
While personally identifiable information and the content of calls and messages was not compromised, records did include phone numbers, which can be traced to customer names using online tools.
AT&T said it “does not believe that the data is publicly available.”
We've got the news you need to know to start your day. Sign up for the First & 4Most morning newsletter — delivered to your inbox daily. Sign up here.
Affected customers will be contacted, and AT&T said it has "taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access."
The company's wireless network alone has 127 million devices connected to it, according to its 2023 annual report.
As our reliance on technology increases, data breaches revealing sensitive information are becoming more common. However, there are measures consumers can take to protect themselves going forward.
The basics include using hard-to-guess passwords and multifactor authentication. Following a breach, users should change their password and monitor their accounts for suspicious transactions or activity.
Scammers may take advantage of data breaches and use phishing emails or phone calls that resemble official correspondence from the company involved. To prevent yourself from becoming a target, always visit a company’s website for reliable information.
Customers can also set up free credit freezes and fraud alerts through nationwide credit bureaus like Equifax, Experian and TransUnion, according to the Federal Trade Commission.
There are six types of information that can be stolen from data breaches.
What should you do if your Social Security number has been exposed?
If a company responsible for exposing your information offers you free credit monitoring, take advantage of it — this will alert you of changes that may indicate fraud or identity theft.
Check for accounts or charges you don't recognize on your credit reports. You can order free reports from annualcreditreport.com.
A credit freeze can make it harder for someone to open a new account in your name. However, it means that the next time you apply for something that requires a credit check — such as a credit card or cell phone — you will need to take a few extra steps.
You can also place a fraud alert.
If the data breach happens near tax season, try and file your taxes early. Scammers can use your SSN to get a tax refund or a job. Filing your papers before the scammer does can prevent tax identity theft.
What should you do if your login and password has been compromised?
Change your password and, if possible, your username. If you use the same password elsewhere, change that as well.
If you can't log in, contact the company and ask how you can recover or shut down the account.
If the login is for a site where your financial information is stored — for example, if you have a credit card saved — make sure to check your account for unfamiliar charges.
What should you do if your debit or credit card number has been exposed, or your bank account information?
Contact your bank or credit card company to cancel your card and request a new one. Make sure to check your credit report and review transactions regularly.
If any charges look incorrect, call the fraud department and get them removed.
Once you receive your new card, update any automatic payments you may have set up with your new number.
If your bank account information has been compromised, the same precautions apply. Contact your bank to close the account and open a new one.
What should you do if your driver's license information has been exposed?
Report a lost or stolen driver's license to your nearest motor vehicles branch. The state might flag your license number in case a scammer tries to use it, or they might suggest that you apply for a duplicate.
Check your credit report and keep an eye out for suspicious activity, as well.
What should you do if your child's personal information has been exposed?
Depending on your state, you can request a credit freeze for your child. This will make it more difficult for someone to use your child's information to open accounts. Follow the instructions provided by Equifax, Experian or Transunion.
Regardless of whether you can request a credit freeze, you can check if your child has a credit report through the credit bureaus. If they do, the bureau will send you a copy of the report. Instructions will be provided with the report on how to remove fraudulent accounts.
The Federal Trade Commission has more information on how to protect your child from identity theft.