The AT&T data leak highlights the importance of protecting your data

The sensitive data of 73 million customers have been posted online

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

AT&T has acknowledged a data leak impacted 73 million of its current and former customers. News of the data leak was made public in March of this year, after a hacker using the alias ShinyHunters posted an archive of the stolen data toBreachForums, a notorious data leaks site.

AT&T said it is unclear whether the data, which appears to be from 2019 at the latest, originated from AT&T or one of its vendors. It has also not yet been made public how the data was accessed.

The information posted to BreachForums includes customers’ full names, email addresses, phone numbers, Social Security numbers, and AT&T account numbers and passcodes. In light of this, AT&T has reset all passcodes. The telecoms company has said it will be contacting those affected via email or letter, as well as providing complimentaryidentity theft protectionandcredit monitoring servicesif personal info was leaked.

User’s financial information or call history was not included in the leak.

How public is the AT&T data leak?

Despite AT&T saying that the data was leaked on the dark web, web security consultant and owner ofHaveIBeenPwnd.com, Troy Hunt,explained toWhat The Tech?that the data is onthe “clear web”. This means that it is on sites that can be accessed via your regular browser, giving “thousands if not tens of thousands of people” access to the data.

This means that, for the 73 million people affected by the breach, their personal information is easily accessible. Troy Hunt empathized with this struggle, noting: “We cannot go and change our date of birth, changing a social security number is an absolute nightmare. So we have to work on the fact that the data is out there and we’re never going to get it back.”

Unfortunately, as many people do not take steps to protect their sensitive information until it has been breached, this can be an arduous process. Hunt suggests using identity theft andfraud protection services—something that AT&T has offered the victims of the data breach.

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.

Where was the AT&T data leaked from?

There is evidence on BreachForum that the data leaked in March 2024 is a repost ofa leak shared in 2021. In 2021, AT&T did not confirm whether or not this data was legitimate, and denied that the data came from AT&T, saying that the data posted “d[id] not appear to have come from our systems”.

Despite this, ShinyHunters continued to make claims about the legitimacy of the data posted, saying that they “d[id]n’t care if they d[id]n’t admit”, referring to AT&T.

How to protect your personal data

As Troy Hunt said, one of the issues withdata breachesis the fact that people don’t protect their data until it’s too late. We’ve all done it—most people don’t assume that their personal information will be accessed by hackers and sold to other bad actors on the internet. Unfortunately, with the rate and scale of cyber attacks, your data being leaked has become less of andifand more of awhen.

Take me for example—I used Troy Hunt’s own HaveIBeenPwned.com to find out what information about me has been posted on the internet, and found out that my phone number was exposed in a data breach, and my email address has been exposed in two.

So, with this in mind, it’s important to take steps to protect your identity and data online, including:

Usingmulti-factor authentication—this can help prevent hackers from gaining access to your accounts, even if your email address is made public.

Notreusing passwordsandresetting your passwordsif they are exposed in a data breach—this means that even if your username and password is exposed, hackers cannot access any other accounts you use, and even the account that has leaked details.

Investing inidentity protection, whether this is on its own or part of an internet security suite—identify protection software can scour the web for data breaches you were involved in, allowing you to take further steps to protect your identity.

Olivia joined TechRadar in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across sites includingTechRadar Pro,TechRadar,Tom’s Guide,iMore,Windows Central,PC GamerandGames Radar. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.

Undermining your privacy? Session says no and leaves Australia

Are online dating and data privacy an incompatible match?

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case