My Personal Data Was Stolen!

Having one's personal digital information stolen is akin to a night-time burglary that you somehow slept through. It may take some time before you realize something is missing.

I am among 70 million AT&T customers whose personal information was allegedly stolen by hackers. Although I've been a customer of this $122 billion company (2023 total revenues) for decades, I'm more than a little peeved, although I'm doing as much as I can to protect myself and my personal information. It's a genuine teaching moment in the digital age.

The bottom line is that we're going to see more data theft because it's a valuable global commodity and much easier to steal than gold in a vault. In just the first quarter of 2024, data breaches rose a stunning 90% from the first quarter in 2023, according to the Identity Theft Resource Center.

To its credit, AT&T did inform me, albeit maybe years after the database of customer data was possibly posted by cyberthieves for sale. The company also comped me for a credit monitoring service, which I immediately signed up for when I got the notice.

Not surprisingly, AT&T is being sued over the breach. The company said in a statement that it "has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders."

"A&T's data was first offered for sale in 2019," notes James Lee, CEO of the Identity Theft Resource Center, a non-profit organization in El Cajon, California, that helps consumers, businesses and governments combat identify theft.

"At the time, AT&T said 'it didn't come from our system. We know their data was posted on identity theft forums on the dark web." (The "dark web" is a shady neighborhood on the internet where stolen information is offered for sale.)

To date, I've received no fewer than three letters from AT&T explaining the breach and my after-the-fact security options. Somehow it feels like a policeman telling me to lock my doors and get an alarm system long after a break-in occurred. The "Notice of a Data Breach" snail mail trumpets their offering of "complimentary credit monitoring, identity theft detection and resolution services provided by Experian's IdentityWorks."

Wait, did the hack actually happen in 2019? AT&T's statement continues: "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable."

I'm not exactly reassured. A tech-savvy telecom company the size of AT&T can't conclusively confirm whether customer information was stolen and sold on the dark web, the underground economy of data? Is my Social Security or credit card number being peddled like a smartphone stolen from my car? I would like some hard answers, although I'm taking some defensive action that AT&T set up for us potential victims.

So I went to the website AT&T created to protect me from becoming a victim of identity theft — again. I've had my credit card number stolen twice before, which forced me to close the account and get new cards. This drill is all-too familiar to me, but it's getting tedious.

I signed up for the credit-monitoring service AT&T offered at no cost to me. It will flag any attempt to access my credit record. I also froze access to my credit file and engaged notifications for fraud alerts, which I hope will prevent thieves from illegally opening credit lines in my name. I did a credit freeze years ago for an unrelated credit theft incident, so I suppose you could call this a "deep" freeze.

At the very least, this is an ongoing fire alarm for everyone who uses credit or has their personal information stored by a third party. Check your credit record every year — even more frequently if you've been a victim of a data breach. You're entitled by law to one free annual credit report from each of the three major credit bureaus.

James Lee of the Identity Theft Resource Center said now is a perfect time to review your strategy for protecting your online information. "The only way to stop someone from using your information is to do a credit freeze on your credit file," Lee advises. "It will have no impact on your credit score and you can 'thaw' it (lift the freeze) any time."

For even more protection, use "passkeys" for your browser and email services. "They are far more secure," Lee notes, "and the (passkey) number doesn't leave your device. And don't re-use the same password for everything."

You can pay extra for credit monitoring through all major antivirus and internet protection software companies, but I'm not sure if it's worth the extra money for an additional monitoring service. You might even get it as part of other software packages.

Even major credit card companies have reasonably good fraud alerting systems. Changing passwords and doing two-step verification are always good ideas. You can even find "password managers" that protect this information.

The bottom line is to protect your data every way you can. Yet to be more effective on a larger scale, tell your congressional representatives you want meaningful federal data privacy laws that not only safeguard data, but impose penalties on companies that have sleepy digital watchdogs.