Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content

Join us Thursday for a national tele-town hall conversation about vaccines with CDC Director Mandy Cohen, M.D. Find out more.

Content starts here
CLOSE ×
Search
Popular Searches

Games

Car rental

AARP daily Crossword Puzzle

Hotels with AARP discounts

Life Insurance

AARP Dental Insurance Plans

Travel

Suggested Links
Help Show me my account info Change my Address How do I contact AARP? Where is my membership card? How do I get a digital card?
Red Membership Card

LIMITED TIME OFFER: Labor Day Sale!

Join AARP for just $9 per year with a 5-year membership and get a FREE Gift! 

Get instant access to members-only products, hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. 

 

120x30-AARP-logo-red
Join
Renew
Enroll
Rejoin

AARP en Español

Join
Renew
Enroll
Rejoin
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Continue Cancel

How to Protect Yourself From the Latest AT&T Data Breach

‘Nearly all’ of AT&T’s account holders in 2022 have been affected

By

Edward C. Baig,

 
AARP
Comments
Published April 01, 2024
/ Updated July 12, 2024
a person is walking in front of a blue sign that says a t and t
PAU BARRENA/AFP via Getty Images

In this story

A fresh attackPrevious March breachAT&T’s actionsWhat you can doOther companies, too 

AT&T’s disclosure Friday of a cyberattack on its cellphone customers’ records is the second major incident involving the nation's second-largest wireless company in about three months.

Phone and text records from “nearly all” of AT&T’s cellular customers during a six-month stretch in 2022 were hacked. The stolen haul identified other phone numbers, including landlines, that an AT&T wireless number interacted with between May 1, 2022, and Oct. 31, 2022, as well as on Jan. 2, 2023. 

Image Alt Attribute

LIMITED TIME OFFER: Labor Day Sale!

Join AARP for just $9 per year with a 5-year membership and get a FREE Gift!

Join Now

In this latest attack, customer data was illegally downloaded on a “third-party cloud platform,” AT&T said. In a subset of the stolen records, one or more cell site ID numbers associated with the interactions were also included. 

The leaked data does not appear to be publicly available, the telecommunications titan indicated. And the contents of any calls or texts or the time stamps of such communications are not part of the breach.

Previous breach revealed in March

At least one person has been apprehended, and AT&T said it would notify current and former account holders

At the end of March, AT&T disclosed a massive data breach in which a data set of Social Security numbers, birth dates, AT&T account numbers and passcodes, email addresses and other sensitive personal information was discovered on the “dark web” two weeks prior. The dark web is a space where content is intentionally concealed and criminals can anonymously buy and sell illegal goods and private information.

Hacked data from the previous incident appeared to be from 2019 or earlier. It affected about 7.6 million current AT&T account holders and 65.4 million former customers.

What AT&T is doing to tackle the problem

AT&T claims the security hole in this latest episode has been plugged. You can sign into your account to get the phone numbers of your calls and texts during the affected period.

After the earlier incident was revealed, AT&T informed customers that if your smartphone wants you to reset your passcode, typically four to six numerals that are a personal identification number, that’s because the company has reason to believe your information was compromised. At the time, AT&T pushed a reset to current users’ passcodes. 

It also offered affected customers complimentary credit monitoring and identity theft services. 

A little less than a fifth, 19 percent, of AT&T’s subscribers are older than 60, according to a weekly survey from telecom analyst Roger Entner of Recon Analytics in Dedham, Massachusetts. That compares to a little more than a fifth, 22 percent, of Verizon’s customers and about a sixth, 17 percent, of T-Mobile’s. 

AT&T hasn’t yet determined whether that breach originated from AT&T itself or from an outside vendor.

Technology & Wireless

Consumer Cellular

5% off monthly fees and 30% off accessories

View Details
See All
See more Technology & Wireless offers >

What you can do to be proactive

As always, be cautious.

Take action even if you think your data is safe, and practice strong cybersecurity hygiene. Reset all your passwords and numerical passcodes regularly and avoid using the same or similar ones across multiple accounts.

To update your AT&T passcode, navigate to myAT&T Profile and sign in. Scroll to My linked accounts | Edit and follow the prompts.

You should also set up two-factor authentication, also called multifactor authentication. After entering your account credentials, you’ll separately receive a one-time code from a text, app or digital device you have with you. 

“There are three types of security: What you know, what you are and what you have,” Entner says. “What you are is biometric, what you have is like the two-factor authentication, and what you know are passwords and all of these things. And that’s the least reliable thing.” 

AT&T is encouraging customers to closely monitor their own account activity and credit reports. You can also set up free fraud alerts from Equifax, Experian and TransUnion, request and review a free credit report at FreeCreditReport.com and freeze your credit reports.

Other telecommunications companies have had problems

Leaky data is not new to telecom. These latest breaches bring to mind data on 37 million T-Mobile accounts that hackers stole in late 2022, at the time the company’s second major security leak in less than 24 months.

In August 2021, T-Mobile disclosed that hackers swiped personal data on more than 40 million U.S. customers, a figure later revised to around 77 million. Back then, T-Mobile claimed no passwords, payment card information, Social Security numbers or other information was compromised.

In recent years, other industries have experienced their own sizable data breaches. Last year, more than 3,200 instances of compromised data affecting more than 353 million people, were publicly reported, according to the Identity Theft Resource Center. That is a 78 percent increase from 2022.

It's hardly surprising. Sensitive information is the rocket fuel that powers scammers. Armed with such data, bad guys can pretend to be you, or in certain cases earn your trust because of what they know.

Edward C. Baig covers technology and other consumer topics. He previously worked for USA Today, BusinessWeek, U.S. News & World Report and Fortune, and is author of Macs for Dummies and coauthor of iPhone for Dummies and iPad for Dummies. Follow him on LinkedInThreads; and X, formerly known as Twitter.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?

Benefits Recommended For You

See All