
AT&T data breach exposes 70 million records; here’s how to protect yourself


On Saturday, March 30, AT&T issued a press release providing new details about a years-old data breach. Here’s everything you need to know, from what sensitive personal data was leaked, to what you can do to protect yourself.


What data was exposed?

AT&T has acknowledged that customer information is out in the wild. The company stated that it still does not know whether the data originated from AT&T or one of its vendors; the source of the data is still being assessed.

The leaked data first appeared online in August 2021, nearly three years ago. At the time, AT&T stated that the company had not suffered a data breach—a position that the company has maintained up until now.

Following are the types of personally identifiable information (PII) included in the leak:

  • Full names
  • E-mail addresses
  • Mailing addresses
  • Phone numbers
  • Social security numbers
  • Dates of birth
  • AT&T account numbers
  • Passcodes

Not every customer affected by this breach necessarily had all of those data points exposed; AT&T states that the data varies by customer and account. As a precautionary measure, AT&T has reset the passcodes of the affected accounts, and said it would reach out by postal mail or e-mail to individuals with compromised sensitive personal information. AT&T said it would provide complimentary identity theft and credit monitoring services as well.

The history of the AT&T breach

In August 2021, a threat actor who self-identifies as ShinyHunters began selling a database purported to contain the personal information of over 70 million AT&T customers. The threat actor posted an advertisement for the sale of this data on a hacking forum. At the time, the data was only accessible to whoever paid for it.

Threat actor selling AT&T database on a hacking forum. Source: BleepingComputer

The seller has a long history of compromising websites; some past breaches include Microsoft’s GitHub, Teespring, and many more.

While AT&T denied suffering a breach, security researchers started digging. They quickly confirmed that the dataset included the details of actual customers—both current and past. At least some of the data may relate to AT&T’s customers as of 2019, but the leak may include more recent customers’ data as well.

Why is a years-old AT&T data breach back in the news?

Over the weekend, the same data was posted for free on a public hacking forum, making it instantly accessible to anyone who searches for it. The leaked dataset includes decrypted dates of birth and social security numbers.

Once again, security researchers quickly confirmed that the data contained the information of actual past or current AT&T customers.

Security researcher Troy Hunt also went through the data and polled some of his Have I Been Pwned subscribers to ask them if the information he found was indeed theirs—and it was. Hunt stated:

As I’m fond of saying, there’s only one thing worse than your data appearing on the dark web: it’s appearing on the clear web. And that’s precisely where it is; the forum this was posted to isn’t within the shady underbelly of a Tor hidden service, it’s out there in plain sight on a public forum easily accessed by a normal web browser. And the data is real.

Companies have a responsibility to make every reasonable effort to safeguard personally identifiable information. Exposure of such data can put individuals at risk of identity theft or other challenges. Handing over such information is, unfortunately, often the cost of doing business; you cannot become an account holder at AT&T or many other companies without sharing it. Thus, one has a reasonable expectation that a large corporation will have the resources to protect that information. On the other hand, anyone or any company can potentially be hacked or compromised, even if they try to get their security right.

What can I do to protect myself if my data was leaked?

Unfortunately, if your personal information has already been exposed, there’s not much you can do to prevent it from spreading further; data is infinitely copiable. And it’s generally impossible to change your social security number—and its exposure puts you at risk of identity theft.

Even if you have never been an AT&T customer, some of your PII may already have been exposed due to previous breaches at other companies.

So what can you do about it? There are several ways you can protect yourself. In a separate article, we cover 9 easy steps to recover from a data breach and avoid getting hacked.

What to do after a data breach—and how to avoid getting hacked—in 9 easy steps

How can I learn more?

We discussed this AT&T data breach on episode 338 of the Intego Mac Podcast.

You may also be interested in reading about a different AT&T breach that affected 100,000 iPad users in 2010.

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news.

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research.