Data for 86 million AT&T customers leaked again. I take it as a warning

AT&T lost information on millions of its U.S. customers last year—not just account numbers, but full names, phone numbers, email addresses, physical addresses, birth dates, and even social security numbers. But that wasn’t the end of the story, as the stolen data surfaced again. And this time, birthdates and SSNs (supposedly encrypted before) are now included in plain text.

According to recent news reports, this reappearance of AT&T customer profiles doesn’t offer any new data. But don’t breathe easy just yet. Bad actors can more easily use these details to commit identity theft or target the affected for scams.

Am I worried? Yes, a little. Anything that simplifies online attacks is concerning. But I see this situation as an opportunity to review my defenses against identity theft and scams. You should, too.

These four steps help prevent identity theft

A lot of damage can be done with your full name, physical address, phone number, birthdate, and social security number in hand. But these days, no one needs to wait to see if they become a victim of identity theft. (A very likely possibility, with breaches like the AT&T hack yielding so much valuable data.) 

You can take these four steps to make identity theft much harder:

PCWorld

1. Freeze your credit. Putting a freeze on your file with the major credit bureaus in the U.S. (Experian, Equifax, TransUnion, and Innovis) stops everyone, including you, from opening new lines of credit. If you ever need a new credit card, loan, or mortgage, you can temporarily unfreeze your file while the application process is happening.
2. Create an IRS identity protection PIN (IP PIN). This six-digit numeric string must be included with your tax return for it to be processed. Setting one up via the IRS website keeps others from filing fraudulently in your name—even when you don’t need to file a return. (Note: A new PIN will be generated each year, so check your IRS account for the latest one before filing.)
3. Freeze your banking report. Similar to credit reports, a file exists about your bank account history. You can get blackballed by banks if someone else damages your reputation—so maintain your good name by requesting a security freeze for ChexSystems, the main company used to verify your worthiness as a customer. Once in place, you can’t open new bank accounts. You’ll have to temporarily lift the freeze whenever applying.
4. Create an account PIN for your mobile number. This PIN is different than what you use to get into voicemail. Setting one up locks your account against transfers to a different phone provider—a method some hackers use to steal your phone number, in order to get into linked accounts. (for example, controlling your phone number means they’ll receive your bank’s text messages, including verification codes—not you.)

And these three steps help protect you from scammers

Jared Newman / Foundry

You’ve likely heard these tips already, but I’ll repeat them. Sometimes it’s easy to forget them, even though they can be simple daily habits.

1. Don’t click on weird links. What’s “weird”? Any URL that isn’t fully visible to you and doesn’t match a known, trusted website.
2. Install only well-known, vetted apps. You can lose a lot of your private details to infostealer malware, including strong passwords and sensitive financial info. Whether a full software program or a browser extension, this kind of malware spies on you quietly.
3. Use two-factor authentication (and passkeys). At minimum, your most important accounts (primary email, bank, medical records, cell phone) should be protected with a second factor for authentication whenever possible. You can also use a passkey instead. Both of these authentication measures add extra defense against slip ups—a phishing site or infostealer extension can capture your password, but a hacker can’t go any further with that info. Meanwhile, passkeys can’t be stolen the way passwords can.

Unfortunately, most people now have their info available on the dark web. Don’t assume that if you’ve never used AT&T, you’re in the clear. In fact, after high-profile breaches (e.g., Equifax; National Public Data), you’re safer assuming you’ve been exposed and preparing accordingly. The fallout of identity theft and getting scammed is expensive—either in time or lost money. Your emotional health can take a hit, too.