You can go to the malware bytes website and get a report to see if you have been exposed. It has SSN numbers too so its pretty bad.
Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T.
Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.
However, AT&T denies (both in 2021 and, now, in 2024) that the data came from its systems, telling BleepingComputer that it’s seen no evidence of a breach. No response was received to a follow-up question on whether the data could come from a third-party provider.
The data posted online includes names, addresses, mobile phone numbers, dates of birth, social security numbers, and other internal information. Almost the same set was offered for sale in 2021, but the encrypted date of birth and social security numbers have since been decrypted and added to the set as supplemental files for most records.
Several sources have verified the dataset (or parts thereof) contains valid data.
What to do
AT&T still hasn’t confirmed that the data came from its systems, nor from a third party. However, there are some general actions you can take if you are an AT&T customer:
- Watch out for people posing as AT&T. Data breaches are great for scammers because they can contact you pretending to be from the (in this case alleged) breached company. If you receive an email, phone call or something similar from someone claiming to be from AT&T be cautious and contact AT&T directly to check it’s real.
- Take your time. Scammers often use themes that require urgent attention to hurry you into making a decision, filling in a form or giving away personal data. Take a step back and don’t give away any personal or financial information.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.