Many companies featured on Money advertise with us. Opinions are our own, but compensation and
in-depth research may determine where and how companies appear. Learn more about how we make money.

By:
Editor:
Originally Published: Apr 02, 2024
Originally Published: Apr 02, 2024 Last Updated: Apr 03, 2024 7 min read
AT&T Store
Getty Images

Telecommunications giant AT&T has confirmed it's investigating a massive data leak that exposed personal information on tens of millions of current and former customers.

Over Easter weekend, AT&T verified that sensitive data belonging to 73 million people was leaked on the dark web following years of rumors that a hacker had stolen large amounts of AT&T customer data. The information includes Social Security numbers and account passcodes; full names, email addresses, home addresses and more may have also been leaked.

“The data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” the company said in a statement posted on its website Saturday. “The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable.”

AT&T says it has reset affected customers' account passcodes. Passcodes are separate from passwords and are typically four digits in length. They can be used to access an AT&T account in lieu of a full password.

AT&T stock prices fell about 2.5% percent Monday morning to as low as $17.16 as the markets opened from the holiday weekend but had largely recovered as of Tuesday afternoon.

Ads by Money. We may be compensated if you click this ad.AdAds by Money disclaimer
Having your identity stolen may come at a high cost
With Aura in your corner, you'll have the proper software to protect your every online move. Nowadays, we all need Identity Theft Protection. Find yours by clicking on your state below.
HawaiiAlaskaFloridaSouth CarolinaGeorgiaAlabamaNorth CarolinaTennesseeRIRhode IslandCTConnecticutMAMassachusettsMaineNHNew HampshireVTVermontNew YorkNJNew JerseyDEDelawareMDMarylandWest VirginiaOhioMichiganArizonaNevadaUtahColoradoNew MexicoSouth DakotaIowaIndianaIllinoisMinnesotaWisconsinMissouriLouisianaVirginiaDCWashington DCIdahoCaliforniaNorth DakotaWashingtonOregonMontanaWyomingNebraskaKansasOklahomaPennsylvaniaKentuckyMississippiArkansasTexas
View Plans

AT&T data breach: What happened this time?

According to TechCrunch, which broke the story and alerted AT&T to the breach, a hacker posted the full data set on a dark-web forum last month.

The original data breach seems to have happened in 2021 or earlier. The hacker who claimed responsibility for the breach previously posted a small portion of the stolen data on the same forum in 2021, but AT&T didn’t publicly acknowledge the breach until Saturday.

This isn’t the first data breach AT&T has dealt with. The Associated Press reports that the telecom company has experienced several breaches over the years, including one in 2014 where a rogue employee accessed personal data on about 1,600 customers.

Who was affected by the AT&T data breach?

In total, approximately 73 million people’s information was leaked on the dark web in connection with the AT&T data breach. This includes sensitive information like Social Security numbers, addresses and account information for 7.6 million current AT&T customers and over 65 million former customers, the company confirmed.

How to tell if your information was leaked

As of now, the best way to tell if your information was leaked is to wait for AT&T to contact you.

“If your information was impacted, you will be receiving an email or letter from us explaining the incident, what information was compromised, and what we are doing for you in response,” the company said on its website.

The company said it's providing free credit monitoring services to at least some of the people who were affected by the leak. Typically, credit monitoring services help people dealing with identity theft by automatically sending alerts about changes to their credit report, credit score or other suspicious activity.

How to protect your identity and sensitive data

Identity theft has been a pervasive issue in the U.S. for decades, and since the pandemic, it has worsened considerably. In 2019, the Federal Trade Commission received nearly 650,000 complaints of identity theft. In 2023, that number soared to over 1 million — an increase of 60%.

Even so, identity theft remains vastly underreported, according to Axton Betz-Hamilton, an identity theft expert and consumer affairs professor at South Dakota State University.

She previously told Money that preventing and managing identity theft takes vigilance. Once your information is out there on the dark web — as it might be with the AT&T data breach — it can be bought and sold forever.

Ideally, you should be taking steps to prevent identity theft from happening in the first place, she said. That includes using strong, unique passwords and/or a password manager; never opening emails from unfamiliar senders or answering phone calls from unknown numbers; and storing your sensitive documents like Social Security cards and birth certificates in a bank lock box (not at home).

One of the biggest strategies Betz-Hamilton recommends is that you freeze your credit with the “big three” credit bureaus: Equifax, Experian and TransUnion. There’s no charge to do this, and it prevents anyone else from opening new credit accounts in your name. And when you need to open new lines of credit, you can temporarily unfreeze your credit to do so.

(To freeze your credit, you must contact each of the bureaus individually online or by phone or mail and request them to do so. The bureaus will give you a PIN that you will need to unfreeze your credit when you need it.)

Finally, if you suspect your identity has been stolen, you should immediately pull your credit reports. You can do this for free weekly at AnnualCreditReport.com. Once you have them, review your financial statements to look for unfamiliar charges or credit accounts open under your name. If you see fraudulent accounts on your credit report, you can dispute them at no charge, and the bureaus are obligated to investigate.

You can also report identity theft directly to the Federal Trade Commission at IdentityTheft.gov.

Clarification: This story has been updated to reflect a statement from AT&T saying the origin of the data posted online is still under investigation.

Ads by Money. We may be compensated if you click this ad.AdAds by Money disclaimer

Includes VPN & password manager

🔥  Up to 75% off Family Annual Plans

  • 3-bureau credit monitoring with up to 250x faster fraud alerts
  • Anti-virus, VPN & password manager
  • Up to $5 million identity theft insurance
  • 24/7 US-based fraud experts & support
  • 60-day money-back guarantee 

Up to $3 million identity theft coverage

Save Up to 52% with LifeLock Annual Plans

  • Up to $3 million coverage/adult with LifeLock Ultimate Plus Plan
  • 3-bureau credit monitoring
  • Bank & Credit Card Activity Alerts
  • Add on device security & VPN
  • U.S.-Based Personal Restoration Specialist

Comprehensive 3-bureau monitoring system

Up to 40% off Ultra Plans

  • $1 million identity theft insurance

  • Fraud protection & resolution

  • 3-bureau credit monitoring 

  • Bank account monitoring

  • US-based customer care team

Comprehensive low-cost Identity Protection

  • 3-bureau credit monitoring 
  • ID theft protection services
  • $1M stolen funds & expense reimbursement 

  • 24/7 customer & recovery services 

  • Free coverage for kids

More from Money:

8 Best Identity Theft Protection Services of April 2024

10 Warning Signs of Identity Theft

Best Virtual Private Network (VPN) Services

Ads by Money. We may be compensated if you click this ad.Ad
Protect yourself from the threat of Identity Theft with Aura