Skip to main content
Mostly Clear icon
50º

FAQ: What to know about the AT&T data breach that leaked millions of customers’ information online

(AP Photo/Matt Rourke) (Matt Rourke, Copyright 2012 by Associated Press. All rights reserved.)

AT&T recently discovered that sensitive information belonging to millions of its current and former customers has been stolen and found online. Here are some frequently asked questions about this data breach.

Recommended Videos



Q: How many people were affected by this data breach?

In a Saturday announcement addressing the data breach, AT&T said that a dataset found on the “dark web” contains information for about 7.6 million current account holders and 65.4 million former account holders.

Q: What information was compromised in this breach?

A: Although varying by each customer and account, AT&T says information involved in this breach included Social Security numbers and passcodes — which, unlike passwords, are numerical PINS that are typically four digits long.

Full names, email addresses, mailing addresses, phone numbers, dates of birth and AT&T account numbers may have also been compromised. The impacted data is from 2019 or earlier and does not appear to include financial information or call history, the company said.

SEE ALSO: AT&T notifies users of data breach and resets millions of passcodes

Q: How did this breach happen?

Whether the data “originated from AT&T or one of its vendors” is still unknown, the Dallas-based company noted — adding that it had launched an investigation into the incident.

Q: How will those affected be notified?

Those affected by this breach should receive an email or letter directly from AT&T about the incident. The email notices began going out on Saturday, an AT&T spokesperson confirmed to the Associated Press.

Q: How is AT&T responding?

Beyond these notifications, AT&T said that it had already reset the passcodes of current users. The company added that it would pay for credit monitoring services where applicable.

AT&T also said that it “launched a robust investigation” with internal and external cybersecurity experts to investigate the situation further.

SEE ALSO: Previous coverage around AT&T

Q: What other data breaches has AT&T experienced?

AT&T has seen several data breaches that range in size and impact over the years.

While the company says the data in this latest breach surfaced on a hacking forum nearly two weeks ago, it closely resembles a similar breach that surfaced in 2021 but which AT&T never acknowledged, cybersecurity researcher Troy Hunt told the AP Saturday.

“If they assess this and they made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers,” then it’s likely the company will soon face class action lawsuits, said Hunt, founder of an Australia-based website that warns people when their personal information has been exposed.

A spokesperson for AT&T declined to comment further when asked about these similarities Sunday.

Q: Can AT&T can face legal consequences similar to Equifax after their data breach?

Bloomberg Law reports that AT&T Inc. is being sued for allegedly exposing 73 million current and former users to privacy-related injuries as a result of a recent data breach. According to the complaint filed in the Northern District of Texas, AT&T must pay for out-of-pocket expenses associated with identity theft prevention as well as monetary damages.

Q: Is there anything I can do to protect myself going forward?

Avoiding data breaches entirely can be tricky in our ever-digitized world, but consumers can take some steps to help protect themselves going forward.

The basics include creating hard-to-guess passwords and using multifactor authentication when possible. If you receive a notice about a breach, it’s a good idea to change your password and monitor account activity for any suspicious transactions. You’ll also want to visit a company’s official website for reliable contact information — as scammers sometimes try to take advantage of news like data breaches to gain your trust through look-alike phishing emails or phone calls.

In addition, the Federal Trade Commission notes that nationwide credit bureaus — such as Equifax, Experian and TransUnion — offer free credit freezes and fraud alerts that consumers can set up to help protect themselves from identity theft and other malicious activity.

___

AP Reporter Matt O’Brien contributed to this report from Providence, Rhode Island.


About the Authors
Holly Galvan Posey headshot

Holly joined the KPRC 2 digital team in March 2024, leveraging her eight years of expertise in blogging and digital content to share her passion for Houston. Outside of work, she enjoys exploring the city's vibrant scenes, all while balancing her roles as a wife and mother to two toddlers.

Loading...