Consumer Corner with Anita Wilson: AT&T breach a cautionary tale

Published: 05-15-2024 1:17 PM

In recent months, millions of current and former AT&T customers received notices that their personal data had been stolen and then published on the dark web.

Generally speaking, personal data refers to personal information such as names, email and mailing addresses, account information and passwords, Social Security numbers and dates of birth. In this case, information belonging to an estimated 7.6 million AT&T consumers and about 65.4 million former account holders was stolen and published.

Those AT&T customers were far from alone. So far this year, dozens of companies have reported more than 800 data breaches affecting Massachusetts consumers. Companies are required to report data breaches affecting Massachusetts residents to the consumer and both the Office of Consumer Affairs and Business Regulation and the Attorney General’s Office.

For those who may not know, the dark web is a hidden part of the internet that is not found by typical search engines and is often used to conduct criminal activity.

Once your personal information has been stolen in a data breach, it can be used to commit identity theft, which can then mean stolen information is used to open credit accounts, sign up for government benefits, file health insurance claims or steal money from you without your knowledge or consent.

You may wonder if there is anything you can do to avoid a data breach, identity theft or at least lessen its potential impact on your finances. If you receive notice that your information has been released through a data breach, the notice should include actions you can take to protect your identity. If your Social Security number was stolen in a breach, companies are required to offer Massachusetts residents 18 months of free credit monitoring.

If you do receive a data breach notification, it does not necessarily mean that your personal information will be used to commit fraud or identity theft now or in the future, but you can take steps to protect yourself.

A data breach can happen to companies of all sizes. It can be the result of cybercrime such as someone hacking into a company’s computer network and stealing the information, or ransomware, which locks and encrypts the company’s files or computer network until the business pays to unlock them. Release of your personal information can also happen on a smaller scale through employee error, such as emailing confidential information to the wrong person.

Article continues after...

Yesterday's Most Read Articles

Leena’s Place in Belchertown faces state alcohol violation for allegedly serving 22 shots of liquor to underage employees
Emotional testimony as Easthampton council backs psychedelics ballot initiative
Fresh start for familiar restaurant: Former Taipei and Tokyo reopens in Northampton as Taipei Hibachi
What can you expect from a Cuddle Party? Conversations about consent happen before anything else
Area property deed transfers, Oct. 11
Tent camp stand-down: Situation defused after protest greets police, city officials at deadline for unhoused encampment

In this column, I will provide some simple steps to take in the event of a data breach that may impact you.

First, order your free credit reports from annualcreditreport.com or by calling 877-322-8228. You should request a credit report from each of the three credit reporting agencies — Experian, Equifax and TransUnion.

Once you receive the credit reports, check them carefully. If you see charges or accounts that you don’t recognize, that could be a sign of identity theft. Report any problems or activity to both the credit reporting agency and the bank or financial company involved. You can request a free copy of each of your credit reports weekly or as frequently as you’d like to monitor for identity theft.

Consider placing a freeze on your credit reports to make it harder for someone with your personal information to open accounts in your name. The freeze restricts access to your credit report so creditors won’t be able to check it should anyone use your personal information to apply for a loan or credit card account.

To place a freeze, contact each of the three credit bureaus — Equifax, Experian and TransUnion. There is no cost, and the freeze lasts until you remove it. It can be temporarily lifted if you want to apply for a new credit card or loan. The freeze does not affect your ability to use your current credit accounts.

Change your passwords regularly. Avoid using the same passwords for different accounts, and never reuse old passwords. They may have been stolen or exposed during an earlier data breach. Using new, complex passwords can help protect your accounts.

Check your bank and credit cards accounts, health insurance or Medicare statements at least monthly, and report any problems or errors. If you see charges that you didn’t make, report them immediately. This could be a sign of identity theft.

It is especially important to verify information in emails or text messages before you act. Fraudsters can impersonate banks, businesses or government agencies and use these methods of communication in an effort to gain access to your money or personal information.

Be especially wary of messages asking you to verify account numbers, passwords, PINs, Social Security numbers or other personal information. I suggest you verify by reaching out to the bank, business or government agency using the phone number or website you know is valid, not a number or link provided in an email or text.

To get help, you can file a report with the Federal Trade Commission at IdentityTheft.gov/databreach. They ask a series of questions about what information was exposed in the data breach and provide an action plan.

Remember that scammers often follow the headlines and will try to cash in. Disregard phone calls, emails or text messages from companies offering services to help you protect your identity. Scammers may pretend to be from the company involved in the breach saying that they need the customer to set up a new account or verify personal information. They may use personal information obtained in the data breach to target the consumers involved and to make themselves sound more credible. You can check data breach reports and letters sent at mass.gov/identity-theft-data-privacy-and-cyber-security.

For more information about data breaches, identity theft, or other consumer issues, contact the Consumer Protection Unit in Greenfield at 413-774-3186 or in Northampton at 413-586-9225 or visit NorthwesternDA.org/consumer-protection-unit and check our consumer resources.

Anita Wilson is director of the Northwestern District Attorney’s Office Consumer Protection Unit, which is a Local Consumer Program working in cooperation with the Office of the Massachusetts Attorney General.