Another day, another data breach. This time it involves one of the major cell phone and internet service providers: AT&T. The telecom giant recently announced that the personal information of millions of its customers was leaked in a cybersecurity breach.
In this article, we’ll go over some important steps from money expert Clark Howard on how to protect yourself from a data breach. No matter if you’re an AT&T customer or not, these steps can potentially safeguard your finances and identity.
AT&T Data Breach: What Information Was Exposed on the Dark Web?
In a statement on its website in late March, AT&T said that the company “has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
Some of the data that the AT&T data breach exposed includes customers’:
- Full name
- Email address
- Mailing address
- Phone number
- Social Security number
- Date of birth
- AT&T account number
- AT&T passcode
“It’s smaller than the horrific Equifax breach, but it is even deeper data than what happened then,” says Clark.
How Did the AT&T Data Breach Happen?
The company says it’s not certain how the data breach occurred, but here’s what the telecom giant has divulged so far:
“AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web approximately two weeks ago [from March 30, 2024]. While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors. With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.”
As a countermeasure, AT&T says it has begun a vast communications campaign targeting all past and current customers who have been affected.
“We are reaching out to all 7.6M impacted customers and, as a safety precaution, have reset their passcodes,” the company says on its website. “In addition, we are emailing and mailing letters to individuals with compromised sensitive personal information separately and offering complimentary identity theft and credit monitoring services.”
AT&T Data Breach: Take These Steps To Protect Yourself
“AT&T is going to offer the lame credit monitoring garbage; just ignore all that and take the active steps you need to,” Clark says.
Those active steps include:
Freeze Your Credit
“I know I’m a broken a record on this: If you have not frozen your credit, freeze your credit with the three major credit bureaus,” Clark says. “It’s very easy to do and it’s free. It gives you the control that someone cannot apply for new credit as if they’re you.”
Credit freezes take about 15 minutes to set up. Check out Clark’s Credit Freeze Guide to see how to do it.
Reset Your Two-Factor Authentication
Because this data breach was so expansive, Clark also suggests that you consider resetting your two-factor authentication on your financial accounts.
“Here’s why the AT&T breach is potentially even more dangerous: They’ve got your phone number and all this other data, so your existing accounts – not people you owe money to, but I’m talking about the money you’ve got – investment accounts, retirement accounts, bank accounts – they all rely on two-factor authentication.”
“AT&T customers past and present should consider changing the two-factor from your cell phone number,” Clark says.
Instead of having your two-factor authentication sent to your AT&T phone, Clark wants you to set it up so that it goes to an email you can access independently of your phone.
“Because the criminals have all this information as well, you don’t want them to be able to use this as a way to hack into your accounts,” he says.
Change Your Password
AT&T is prompting its customers to change their passwords, but Clark says you’ll still be left unprotected if you use the same password for your AT&T sign-in as you use for your email or any online financial accounts like your brokerage firm, bank, investment, retirement and so on.
“Change your password with any of those entities,” Clark says. “Those are key because if a criminal has been able to get your AT&T password, you don’t want them to be able to try your Fidelity or Vanguard or your bank or whatever.”
Read our guide on how to create a safe password.
Final Thoughts
Data breaches will come and go, but how we protect against them must remain a constant, Clark says.
“This data breach is one that requires action and not passivity,” Clark says. “We get passive and we get zoned out about data breaches because they just keep coming at us like ocean waves. And so this is one you cannot ignore and you need to get on top of.”
Want more ways to protect your finances? Read our guide on how to get free credit monitoring.
