Cybersecurity expert offers tips after millions impacted in AT&T data breach

FOX 5 is learning more tonight about what’s ahead for people impacted by AT&T’s massive data breach.

The company says millions of users’ information was leaked online, impacting current and former customers.

The personal identifying information, including social security numbers, was stolen and leaked on the dark web. More than 70 million current and former customers are impacted. 

The company is still investigating the source of the breach.

"The scale is pretty significant I think on that," said David Malicoat, a cybersecurity expert and host of the Professional Ciso podcast. "The other piece of this is: this is not new. So, this set of data was actually out on the dark web previous to this back in 2021 and at that point in time, AT&T had denied that they had anything to do with it." 

Right now, FOX 5 is told that the telecommunications company is notifying customers whose information was compromised.

AT&T says the information leaked includes social security numbers and passcodes — not to be confused with passwords. Passcodes are numerical codes — typically PINs — that are four digits long. 

READ MORE: AT&T says data breach has impacted millions of customers

"First and foremost go look at your email or go look at how you get your information from AT&T to see if you were affected," Malicoat said. "AT&T has your password for your account but they also have an additional layer of security called a passcode, so go and change that…if you feel like you may be affected." 

Malicoat goes on to recommend not reusing passwords and not reusing your AT&T password anywhere else.

The company released a statement on its website, saying:

"AT&T* has determined that AT&T data-specific fields were contained in a data set released on the dark web approximately two weeks ago. While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors. With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.

AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.

Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable. We encourage current and former customers with questions to visit for more information.

As of today, this incident has not had a material impact on AT&T’s operations."