Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
Leaving Website

You are now leaving and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

How To Protect Yourself from AT&T’s Massive Data Breach

Around 73 million current and former customers have been affected

spinner image a person is walking in front of a blue sign that says a t and t
PAU BARRENA/AFP via Getty Images

AT&T is still investigating a massive data breach the nation’s largest wireless carrier disclosed over the weekend, but what we know so far is troubling. ​

​A dataset of Social Security numbers, birth dates, AT&T account numbers and passcodes, email addresses and other sensitive personal information was discovered on the “dark web” two weeks prior. The dark web is a space where content is intentionally concealed and criminals can anonymously buy and sell illegal goods and private information. ​

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. Find out how much you could save in a year with a membership. Learn more.

Join Now

​And the data, which AT&T said appears to be from 2019 or earlier, affects about 7.6 million current AT&T account holders and 65.4 million former customers.​

What AT&T is doing to tackle the problem

​If you pick up your smartphone to find that the device wants you to reset your passcode, typically four to six numerals that are a personal identification number, that’s because AT&T has reason to believe your information has been compromised. The company says it has already pushed a reset to current users’ passcodes. ​

​Beyond its investigation into the cause of the just-disclosed breach, AT&T said it is reaching out via mail or email to consumers who have been affected. The company will be offering these folks complimentary credit monitoring and identity theft services. ​​

The company hasn’t explained why information from so many more ex-account holders was discovered than present subscribers, but undoubtedly many of these people are older adults. 

A little less than a fifth, 19 percent, of AT&T’s current subscribers are older than 60, according to the latest weekly survey from telecom analyst Roger Entner of Recon Analytics in Dedham, Massachusetts. That compares to a little more than a fifth, 22 percent, of Verizon’s customers and about a sixth, 17 percent, of T-Mobile’s. 

AT&T hasn’t yet determined whether the breach originated from AT&T itself or from one of its outside vendors. The company added that it has uncovered no evidence so far of unauthorized access to its systems.

What you can do to be proactive

​Take action even if you think your data is safe and practice strong cybersecurity hygiene. Reset all your passwords and numerical passcodes regularly and avoid using the same or similar ones across multiple accounts. ​

​To update your AT&T passcode, navigate to my AT&T Profile and sign in. Scroll to My linked accounts | Edit and follow the prompts. ​

​You should also set up two-factor authentication, also called multifactor authentication. After entering your account credentials, you’ll separately receive a one-time code from a text, app or digital device you have with you. ​

​“There are three types of security: What you know, what you are and what you have,” Entner says. “What you are is biometric, what you have is like the two-factor authentication, and what you know are passwords and all of these things. And that’s the least reliable thing.” ​

Technology & Wireless

Consumer Cellular

5% off monthly fees and 30% off accessories

See more Technology & Wireless offers >

​AT&T is encouraging customers to closely monitor their own account activity and credit reports. You can also set up free fraud alerts from Equifax, Experian and TransUnion, request and review a free credit report at and freeze your credit reports. ​

Other telecommunications companies have had problems

Leaky data is not new to telecom. This latest breach brings to mind data on 37 million T-Mobile accounts that hackers stole in late 2022, at the time the company’s second major security leak in less than 24 months. ​

​In August 2021, T-Mobile disclosed that hackers swiped personal data on more than 40 million U.S. customers, a figure later revised to around 77 million. Back then, T-Mobile claimed no passwords, payment card information, Social Security numbers or other information was compromised. ​

​In recent years, other industries have experienced their own sizable data breaches. ​Last year, more than 3,200 instances of compromised data affecting more than 353 million people, were publicly reported, according to the Identity Theft Resource Center. That is a 78 percent increase from 2022.

​It's hardly surprising. Sensitive information is the rocket fuel that powers scammers. Armed with such data, bad guys can pretend to be you, or in certain cases earn your trust because of what they know. ​​​

This story, originally published April 1, 2024, was updated with additional information from the Identity Theft Resource Center.

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?