AT&T breach victims need to take these 3 steps right now
"Nearly all" customers have data compromised
Telecom giant AT&T just admitted that almost all of its roughly 110 million customers have been the victims of a massive data breach.
If you were a customer between May 2022 and January 2023 then there is a very high chance your data has been compromised with call and text message records accessed via an illegal download from a third-party cloud platform.
Those who have been let down should look out for contact from AT&T or log into their account and look for a notification. But here's what you should do right now, from changing your password to investing in one of the best VPNs.
1. Change your password
This really goes without saying. Your password has likely now been compromised and you should change it on both your AT&T account and anywhere else you use it. I know it's inconvenient but try and use a different password for each service. There are plenty of tools for creating secure randomly generated passwords, and you don't even need to remember them if you use one of the best password managers.
Where possible you should also activate 2-factor authentication on your account (and any accounts that use the same password). Combining two methods of logging in together obviously creates a much more secure system.
If possible given the nature of this leak, you probably should also look to change your cell phone number.
2. Prepare for scammers
It's time to face the facts, you're probably going to get a few more spam calls for a while. That's not as big a deal as potential scammers. Be extra careful about giving anyone personal details such as banking information or your address over the phone, they could be cleverly disguised phishing schemes.
You should also be extra vigilant online as even anonymous phone number information can be pieced together by scammers to identify individual people. Treat every email from an unfamiliar address as suspicious.
It's also wise to notify your bank that you have been the victim of this attack. They can keep an extra eye out for any suspicious transactions taken in your name and introduce new security measures to make you certain that you are contacting your bank and not an imposter in the future.
3. Protect yourself
Changing your password is a start but there are further steps you can take to stay safe online.
Using one of the best VPNs is a great way to protect your data online when browsing. Not only do they spoof the location of your IP address but they also securely encrypt your data. There are even free VPN plans like ProtonVPN.
Many also include elements of antivirus. NordVPN for example has its Threat Protection Pro system, a great tool for fighting phishing. A Surfshark One subscription meanwhile includes dedicated antivirus software and Alternative ID, a feature that lets you sign up for services online with randomly generated details and now even a decoy phone number.
With an Alternative ID, you can make accounts for less trustworthy services (or ones that are frequently attacked, like AT&T) with complete peace of mind. You can minimize any spam and sleep easy at night knowing that if your details get leaked then you've not actually been compromised. There's nothing for hackers to piece together, just disconnect that ID, re-roll another random identity and you're ready to go.
Andy is a freelance writer with a passion for streaming and VPNs. Based in the U.K., he originally cut his teeth at Tom's Guide as a Trainee Writer before moving to cover all things tech and streaming at T3. Outside of work, his passions are movies, football (soccer) and Formula 1. He is also something of an amateur screenwriter having studied creative writing at university.