How to Protect Yourself Regardless of Whether You Were Affected by the AT&T Breach


You have probably seen the news of a significant data breach at AT&T. Compromised data found on the “dark web” includes Social Security numbers (SSNs) for about 7.6 million current AT&T account holders and 65.4 million former account holders. AT&T says that while the data was released on the dark web in mid-March, the data appears to be from 2019 or earlier.

Here's our advice to protect yourself, whether you were affected by this breach or not:

  • Watch your credit report for new loans, lines of credit and credit cards. Pinnacle clients can use the “My Credit Score & Report” section on the homepage of Online Banking to see their score, see alerts about activity or download a report.
  • Be wary of people posing as AT&T. Breaches give scammers a secondary opportunity: pretending to be from the breached company. If you receive an email, call or text claiming to be from AT&T, contact the company using a separate, trusted source to confirm it’s real.
  • Compromised PINs are a risk for SIM swapping, a technique criminals use to gain access to your SMS/text-based authentication codes and one-time passwords. Using the PIN they got from breached data, scammers contact your wireless provider and re-assign your phone number to a device they control. AT&T reports they've changed affected users' passcodes, but it's good practice to know your PIN and to change it regularly.
  • Do not use the same password for multiple apps or sites. More urgently, if you were a victim of the AT&T breach and your breached password is also used for other accounts or apps, change it on those accounts immediately.
  • Protect your SSN. Some organizations need your Social Security number to identify you: the IRS, your bank, and your employer. But they will NOT call, email, or text you to ask for it. Other organizations that ask you for your Social Security number might not really need it, such as a medical provider, a company, or your child’s school. Ask these questions:
    • Why do you need it?
    • How will you protect it?
    • Can you use a different identifier?
    • Can you use just the last four digits of my Social Security number?
  • Set up identity monitoring. AT&T says it will be offering affected individuals complimentary credit monitoring services. Pay attention to the language in the offer to identify exactly what it does (and does not) cover and review any strings attached. The Federal Trade Commission has great advice online about ID theft protection services. Be aware that several services only alert or monitor and do nothing to assist if something happens.
    • Credit monitoring tracks your credit reports and notifies you of any activity. Then it’s up to you to take action.
    • Identity monitoring goes a few steps further. It notifies you anytime your personal information (Social Security number, bank account information, etc.) is being used in ways that are inconsistent with your past activity.
    • Identity theft recovery services can help you get your financial life back on track after a breach affects you.
    • Identity insurance helps cover some of the associated costs of a security breach, like court fees.
  • You can freeze your credit at any time. A security freeze prevents someone from using your credit report to open a new line of credit. You can unfreeze your credit if you need to make major purchases in the future.
  • Always keep an eye on your statements for bank accounts and credit cards for unauthorized transactions.
  • Back up your data regularly. Experts recommend the 3-2-1 rule for backup: three copies of your data, two local (on different devices) and one off-site. For most people, this means the original data on your computer, a backup on an external hard drive, and another on a cloud backup service.
  • If you feel that you may be the victim of ID theft, you can visit identitytheft.gov, which was created by the FTC to help victims report and recover.
