AT&T Security Breach Affects 73 million

AT&T has recently disclosed a data breach in their systems affecting 73 million of their current and former customers. They have begun notifying specific customers of the breach. From AT&T’s disclosure, the breach occurred in 2019 or earlier. Potential information stolen includes full names, Social Security numbers, email addresses, mailing addresses, phone numbers, encrypted passwords, and passcodes for the affected clients.

AT&T has forced password changes on all affected accounts and encourages all customers to update their passcodes on their accounts. They also strongly encourage all customers to request and review their free credit report via freecreditreport.com to determine if there are any fraudulent credit applications on their credit history. They are offering one year of enrollment through Experian’s IdentityWorks credit monitoring service for affected customers. Affected customers will be notified of how to enroll via email or U.S. Mail.

Legitimate email communications from AT&T regarding this breach will come from ATT@message.att-mail.com. If you receive an email message that appears to come from AT&T, and it asks you to provide personal information like login credentials, do not reply to it. Please forward it to scam@abuse-att.net and to Support@vertilocity.com

Customers who are concerned that their information may have been compromised in the breach but have not received notification from AT&T can check by entering their email account associated with their AT&T account at Have I Been Pwned. It will list any known data breaches that an email account was involved in. If the AT&T breach is listed, we recommend contacting AT&T support, resetting your AT&T account password and passcode, and ensuring that any other account that has potentially been compromised password has its password changed. Other breaches may also be listed. In each case, consider when the breach occurred and ensure any associated account has had the password updated since the breach occurred.

Vertilocity strongly encourages any client who has a subscription to any AT&T service on or before 2019 to change their account password and update their passcode. Do not use the same password for other websites or logins. 

Be on the lookout for scams, as malicious groups will often attempt to use the information gathered from these kinds of breaches to try to obtain greater access to your digital domain, including other accounts. We have recently observed an increase in scam activity in which the scammer will identify themselves as being with the Fraud Protection or Support teams for major organizations like Amazon, Google, or Microsoft. They provide information about the customer to “prove” that they are who they say and then attempt to extract other information. They are often particularly interested in getting users to look up and provide their IMEI or SIM numbers from the Settings of their cell phone so that they can bypass Multifactor Authentication, MFA, or otherwise gain access to a customer’s accounts.

Vertilocity also recommends the following to help protect against Fraud and Security Breaches

  • Never disclose personal information or account information to anyone contacting you on an unsolicited phone call.
  • Ensure that any accounts accessible from the public internet have MFA enabled
  • Leverage Single Sign-on solutions with MFA or passwordless security wherever possible, or implement a password management system to ensure that your passwords are complex and unique for every account.
  • Consider implementing end-user training programs to help you and your users identify scam and phishing behaviors and avoid making mistakes that can lead to substantial losses. 
  • Ensure that you have an effective email filtering solution that can identify spam, phishing, scams and malicious links and attachment
  • Consider implementing services that can detect email account takeover and advanced impersonation attempts

If you have any questions or concerns regarding these breaches or any other cybersecurity matters, please don’t hesitate to reach out to us at MSP@Vertilocity.com. We are here to provide you with the support and guidance you need.