Summary

  • AT&T has acknowledged a data breach dating back to 2021.
  • AT&T customers from 2019 or earlier may have been compromised, but financial information may be safe.
  • The carrier is resetting passcodes for affected customers and recommending fraud alerts from credit bureaus.



When you consent to providing your personal information to a company and it experiences a data breach, you might fear the worst. Depending on how much data you made available, your sensitive information could eventually wind up circulating in dark corners of the web, increasing your risk of identity theft. Practically every carrier has faced data breaches, and AT&T is no exception. With the personal data of millions at its fingertips, all of its customers expect it to keep their information safe — but, as we’re learning now, that wasn’t the case back in 2021.


The AT&T logo with an image of a cell tower in the background

Related

Data thieves expose millions of AT&T customers’ names and phone numbers

The telco says attackers targeted a third-party vendor

In a statement on its website, AT&T is now acknowledging that the data of its customers — specifically from 2019 or earlier — may have been compromised in a data breach. The company says that it does not seem like personal financial information or call history was leaked to hackers. However, everything from social security numbers to email addresses might have made its way onto the dark web (via The Verge). Originally, rumors of the breach began back in 2021 when a hacker claimed to have the social security numbers of birthdates of more than 70 million AT&T customers. At the time, they were selling the information for thousands of dollars.


How AT&T originally handled rumors of the breach

In its initial response to the supposed hacking nearly three years ago, AT&T said that the information obtained by the hacker did not come from its systems. This suggested that either the data being sold was fraudulent, or it was obtained from a third party, rather than AT&T. In any case, the mobile service provider didn’t seem eager to raise the alarm just yet.


Now that the company has acknowledged the data breach, it is reaching out to both current and previous customers who may have been impacted. Those who were affected are having their passcodes reset — these passcodes were thought to have fallen into the hands of the bad actor. For precautionary measures, AT&T is recommending that customers subscribe for fraud alerts from the US credit bureaus — Equifax, Experian, and TransUnion. However, it doesn’t hurt to keep an eye on your bank statement as well, which is where fraudulent transactions will show up.