In 2024, AT&T was hit by not one but two massive data breaches that together compromised the personal information of tens of millions of Americans. The first breach exposed Social Security numbers and personal details of 73 million people. The second exposed the call and text records of nearly every AT&T cellular customer. If you or anyone you know has been an AT&T customer, here is exactly what happened, what data was exposed, and what you need to do right now to protect yourself.
What Happened: Two Separate AT&T Breaches
Breach #1: Personal Data on the Dark Web (March 2024)
In March 2024, AT&T confirmed that a dataset containing the personal information of approximately 73 million people had been published on a dark web forum. This included 7.6 million current AT&T customers and 65.4 million former customers. The data appeared to date from 2019 or earlier, but its appearance on the dark web in 2024 meant it was freshly available to criminals.
Data exposed in this breach included:
- Social Security numbers
- Dates of birth
- AT&T account passcodes (four-digit PINs used to secure accounts)
- Full names
- Email addresses
- Mailing addresses
- Phone numbers
- AT&T account numbers
SSN Exposure Is Serious
Unlike a password, you cannot simply change your Social Security number. Once your SSN is in criminal hands, it can be used to open fraudulent credit accounts, file fake tax returns, commit medical identity theft, and more -- potentially for years. If your SSN was exposed in this breach, a credit freeze is not optional. It is essential.
Breach #2: Call and Text Records Stolen (April 2024, Disclosed July 2024)
In July 2024, AT&T disclosed a second, separate breach. Between April 14 and April 25, 2024, attackers accessed and downloaded call and text message records from a third-party cloud platform. This breach affected nearly all AT&T cellular customers, customers of mobile virtual network operators (MVNOs) that use AT&T's network, and AT&T landline customers.
The stolen records covered calls and texts from May 1 through October 31, 2022, with some records from January 2, 2023. The exposed data included:
- Phone numbers that AT&T customers called or texted
- Phone numbers that called or texted AT&T customers
- The number of interactions (calls/texts) between numbers
- Total call duration for specific periods
- Some cell site identification numbers (which can approximate location)
The content of calls and texts was not exposed, nor were names directly included. However, phone numbers can easily be matched to identities using publicly available data or data broker records.
Important: This second breach does not just affect AT&T customers. If anyone with an AT&T phone number called or texted you during the affected period, your phone number and interaction patterns were also exposed -- even if you have never been an AT&T customer.
Immediate Steps to Take Right Now
1. Change Your AT&T Passcode Immediately
If you are a current AT&T customer, change your four-digit account passcode right away. This passcode is used to verify your identity when making account changes, and compromised passcodes could allow attackers to take over your account. Change it through the myAT&T app, online at att.com, or by visiting an AT&T store.
2. Freeze Your Credit at All Three Bureaus
With Social Security numbers exposed, a credit freeze is the single most effective step you can take to prevent identity theft. A credit freeze prevents anyone -- including you -- from opening new credit accounts until you temporarily lift the freeze. Place a freeze at all three credit bureaus:
- Equifax: equifax.com/personal/credit-report-services/credit-freeze/
- Experian: experian.com/freeze/center.html
- TransUnion: transunion.com/credit-freeze
Credit freezes are free by federal law and do not affect your credit score. You can temporarily lift them whenever you need to apply for credit.
3. Monitor Your Bank Accounts and Credit Cards
Review your bank and credit card statements carefully for unauthorized transactions. Set up real-time transaction alerts through your bank's app so you are notified immediately of any charges. Even small, unfamiliar charges can indicate a criminal testing a stolen account before making larger purchases.
4. Check If You Were Affected
AT&T notified affected customers by email and mail for both breaches. If you were a current or former AT&T customer, check your email (including spam folders) for notifications from AT&T. You can also log in to your AT&T account or contact AT&T customer service directly to ask whether your data was included in either breach.
5. Enroll in Free Credit Monitoring
AT&T offered free credit monitoring and identity theft detection services to customers affected by the first breach. If you received a breach notification, follow the enrollment instructions provided. Even if the enrollment period has passed, consider signing up for a credit monitoring service independently. You are also entitled to one free credit report per week from each bureau through AnnualCreditReport.com.
Do Not Ignore Breach Notifications
Many people receive data breach notification letters and set them aside. This is a mistake. These letters often include codes for free credit monitoring and instructions for enrolling in identity protection. Open every breach notification you receive, follow the steps, and take advantage of the free services offered -- they exist because your data was compromised.
Watch for Phishing Attacks Using Your Stolen Data
After any major breach, phishing attacks increase dramatically. Criminals use the stolen data to craft convincing messages. After the AT&T breaches, be on guard for:
- Fake AT&T emails or texts asking you to "verify your account" or "reset your passcode" through a provided link
- Phone calls from "AT&T support" requesting your account PIN, SSN, or other personal details
- Targeted scams that reference real details from your life (people you called, your address, or your account number) to appear legitimate
- Fake breach notification emails that mimic AT&T's actual communications but direct you to malicious websites
Remember: AT&T will never ask for your full Social Security number, full account passcode, or password by email, text, or unsolicited phone call. When in doubt, hang up and call AT&T directly using the number on its official website.
Long-Term Protection Measures
Enable SIM Swap Protection
With your phone number, name, and other personal details exposed, you are at elevated risk for SIM swap attacks. In a SIM swap, a criminal convinces your carrier to transfer your phone number to a SIM card they control, giving them access to your calls, texts, and any accounts that use SMS-based two-factor authentication. Contact AT&T (or your current carrier) and ask them to add a SIM lock or extra security PIN to your account.
Enable Two-Factor Authentication Everywhere
Enable two-factor authentication (2FA) on every account that supports it, especially email, banking, and social media. Because SMS-based 2FA is vulnerable to SIM swap attacks, use an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy whenever possible. Hardware security keys like YubiKey offer the strongest protection for your most critical accounts.
Use Unique Passwords for Every Account
If you reused passwords across accounts, change them now. Use a password manager to generate and store strong, unique passwords for every service. Criminals who obtain your email and a reused password will attempt credential stuffing attacks across dozens of popular platforms.
How Data Brokers Make Breach Data More Dangerous
Here is a risk most people overlook: data brokers aggregate information from public records, social media, purchase histories, and other sources into detailed personal profiles. When breach data enters the picture, criminals can cross-reference it with data broker profiles to build an even more complete picture of a victim.
For example, the second AT&T breach exposed phone numbers and call patterns but not names. On its own, that might seem relatively harmless. But if a criminal looks up those phone numbers on a data broker site, they can instantly match numbers to names, home addresses, email addresses, family members, and more. The breach data and the broker data together become far more dangerous than either one alone.
This is why removing your personal information from data broker sites is a critical part of breach response -- not just an optional extra step.
How PrivacyOn Helps Reduce Your Exposure
You cannot undo the AT&T breaches or remove your data from the dark web. But you can reduce the personal information that is publicly available to anyone who wants to look you up -- including criminals armed with breach data.
PrivacyOn removes your personal data from over 100 data broker sites that collect and sell your name, address, phone number, email, family members, and more. By removing this data, you make it significantly harder for criminals to:
- Match breach data (like phone numbers) to your full identity
- Build comprehensive profiles for identity theft or fraud
- Target you with convincing, personalized phishing attacks
- Locate your home address or contact your family members
PrivacyOn continuously monitors these sites and re-removes your data when brokers re-add it, providing ongoing protection rather than a one-time fix. After a breach as significant as AT&T's, reducing your publicly available data is one of the most impactful steps you can take.