NEW YORK — Millions of current and former AT&T customers learned over the weekend that hackers have likely stolen their personal information and are sharing it on the dark web.
AT&T on Saturday said it doesn't know if the massive data breach "originated from AT&T or one of its vendors," but that it has "launched a robust investigation" into what caused the incident. The data breach is the latest cyberattack AT&T has experienced since a leak in January of 2023, that affected 9 million users. By contrast, Saturday's much larger breach impacts 73 million current and former AT&T account holders. AT&T has seen several data breaches over the years that range in size and impact.
Until more details of the investigation arise, here's what customers should know about the most recent data breach.
How many people were impacted by the AT&T data breach?
AT&T said the breach on Saturday affects about 7.6 million current and 65.4 million former AT&T customers.
What type of information was taken from AT&T?
AT&T said Saturday that a dataset found on the dark web contains information such as Social Security and passcodes. Unlike passwords, passcodes are numerical PINS that are typically four-digits long. Full names, email addresses, mailing addresses, phone numbers, dates of birth and AT&T account numbers may have also been compromised, the company said. The impacted data is from 2019 or earlier and does not appear to include financial information or call history, it added.
Was my information affected by the AT&T data breach?
Consumers impacted by this breach should be receiving an email or letter directly from AT&T about the incident. The email notices began going out on Saturday, an AT&T spokesperson confirmed.
What has AT&T done so far to help customers?
Beyond notifying customers, AT&T said that it had already reset the passcodes of current users. The company also said it would pay for credit-monitoring services where applicable.
What's the best way to protect my personal information?
Start by freezing your credit reports at all three major agencies — Equifax, Experience and TransUnion. Then sign up for 24-7 credit monitoring and enable two-factor authentication on your AT&T account, said WalletHub CEO Odysseas Papadimitriou, a former senior director at Capital One.
If you receive a notice about a breach, it's a good idea to change your password and monitor your account activity for any suspicious transactions. The Federal Trade Commission offers free credit freezes and fraud alerts that consumers can set up to help protect themselves from identity theft and other malicious activity.
—The Associated Press contributed to this report.