In a distressing turn of events, AT&T has once again become the target of a significant data breach, this time exposing sensitive information of nearly all AT&T cellular customers and drawing parallels to a similar incident from earlier this year.

The telecommunications giant has confirmed that unauthorized individuals have accessed customer data from a third-party cloud platform, with call and text records from specific periods in 2022 and 2023 being compromised.

Details of the Breach

AT&T disclosed in a statement on Friday, July 12th, that the recent breach involved the illegal download of customer data, including call and text records. This data encompasses records of AT&T’s cellular and landline customers as well as those using Mobile Virtual Network Operators (MVNOs) that operate on AT&T’s network.

However, AT&T has emphasized that the breached data does not include the content of communications or personal information such as social security numbers, dates of birth, or financial details.

This follows a previous breach in April when AT&T discovered a dataset on the dark web containing AT&T-specific fields. The dataset, believed to include data from vendors and personal information dating back to 2019 or earlier, potentially affected around 73 million current and former customers.

What Information Was Leaked and Potential Risks

The exposed information was found to contain details that could be used to identify individuals. AT&T explained in its July 12th statement, “While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”

The breached data, primarily involving call and text records, includes metadata such as the time, date, duration, and destination of calls and messages. While this information does not reveal the content of the communications, it can still pose significant risks to consumers.

These kinds of data can be used to infer patterns of behavior, relationships, and potentially sensitive information about individuals’ activities and routines. Online criminals could exploit this data for targeted phishing attacks, social engineering, or identity theft, potentially leading to financial loss or other personal harm.

AT&T emphasized in its statement that they do not currently believe the stolen data has been made publicly available.

AT&T’s Response and Customer Notification

AT&T has been working closely with law enforcement agencies to arrest those involved in the incident and secure the compromised data. The company has committed to notifying affected customers and providing them with resources to protect their information.

Customers are advised to monitor their accounts for any unusual activity to safeguard their personal data.

Previous AT&T Data Breach

Earlier this year, we learned of another AT&T data breach. In this event, more than 73 million people had their personal information compromised.

The leaked customer information dates back to mid-2019 and earlier. The exposed data has been found on the dark web, a place where cybercriminals buy and sell leaked personal information.

The Broader Implications

The breaches at AT&T underscore the growing challenges that companies face in securing customer data in an increasingly digital world. With the rise of cyber threats, businesses must continuously evolve their security strategies to protect sensitive information.

The telecommunications sector, in particular, is a prime target for cyberattacks due to the vast amounts of data they handle and the critical nature of their services.

Discovering whether your personal information has been compromised in the AT&T data breach is crucial to help prepare for the potential risks of your information being exposed on the dark web.

Here are some steps you can take to help determine if you’re part of the AT&T data breach:

Contact AT&T

If you suspect you may be affected but haven’t received any notifications, reach out to AT&T customer service for clarification and guidance on next steps.

What Should I Do if My Personal Information Has Been Exposed?

The exposure of sensitive information such as Social Security numbers (SSNs) can have serious consequences. If you discover that SSN or other personal information has been compromised in the AT&T data breach, here’s what you can do to help protect your information:

Place a Fraud Alert

Contact one of the three major credit bureaus — Equifax®, Experian®, or TransUnion® — and request a fraud alert be placed on your credit report. This alert notifies creditors to take extra steps in verifying your identity before extending credit in your name.

Consider Freezing Your Credit

If you suspect you’re at risk of identity theft, you can choose to freeze your credit. This prevents creditors from accessing your credit report, making it difficult for fraudsters to open new accounts in your name.

Contact the Social Security Administration

You can contact the Social Security Administration office and report possible fraud using your SSN. Fraud can be reported online to the Social Security Administration Office of the Inspector General or to a local Social Security Administration office.

Stay Informed

Keep yourself updated on developments related to the data breach, including any updates provided by AT&T.

Reset Usernames and Passwords

Help ensure that your online accounts are protected by strong, unique passwords. Consider using a reputable password manager to generate and store complex passwords securely.

Enable Two-Factor Authentication (2FA)

Add an extra layer of security to your accounts by enabling 2FA when possible. This usually involves receiving a code that you must enter along with your password when logging in.

Utilize Identity Monitoring Services

Identity and credit monitoring is essential to help protect your data and your finances. IdentityIQ identity monitoring scours the dark web for your information and alerts you in real time when there is possible  suspicious activity. You also are protected with $1 million in identity theft insurance, underwritten in AIG.

Bottom Line

The recent AT&T data breach serves as a stark reminder of the need to safeguard your personal information in an increasingly digital world. By staying informed, taking proactive measures to help protect your identity, signing up for a top-rated identity theft protection service, and knowing how to respond in the event of a breach, you can help better mitigate the risks of identity theft and fraud.