determined that some of your personal information was compromised…What happened? On March 26, 2024, we determined that AT&T customer information was included in
a dataset released on the dark web on March 17, 2024.”
AT&T is sending a letter to the 51 million former and current subscribers who had their personal data leaked online
The carrier, in the letter, says, “To help protect your identity, we’re offering you one year of complimentary credit monitoring, identity theft detection and resolution services provided by Experian’s IdentityWorks.” The letter explains how victims can take advantage of the free year of credit monitoring that AT&T is offering to impacted subscribers.
The frightening part of this is the type of information that was leaked which, according to AT&T, “included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode.” The nation’s third-largest carrier said, “To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier.”
Each letter will include an activation code that former and current AT&T subscribers can use to start their free year of Experian’s IdentityWorks service which includes an insurance policy with up to $1 million in coverage in case of identity threat. It also includes access to an Identity Restoration team to guide victims through the recovery process.
AT&T warns customers to “Stay vigilant. It also says that customers can customize the new passcodes they received from AT&T via the myAT&T and MyAT&T apps, or through a phone call to customer care at 1-866-346-0416. Also, AT&T tells its customers to be on the lookout for suspicious calls and emails. The wireless provider says to watch out for unsolicited communications asking for your personal info.
In the letter it is sending to its 51 million past and current customers, AT&T writes, “You should be cautious about entering your username and password on links provided through emails, even if it looks like the company’s website. The safest route is to go directly to the company’s website to log in.”