Hi there, friend! I only send a Current Tech Alert when something big happens. Major data breaches have been crossing my desk all month, but this one is big enough I couldn’t wait for tomorrow’s newsletter to tell you about it and how to protect yourself.

Heads-up: My great sponsors help me put out this alert free to you. Your personal info is for sale all over the internet for just a few bucks. Scammers love that — but they’re not the only ones. Data brokers sell everything from your address to your Social Security number to anyone willing to pay. Enter Incogni. They scrub your personal info from the web. Get 60% off right now.

Do me a favor and pass this along to someone in your life who should know. Let’s stay tech-safe together! — Kim

AT&T dropped some big and very bad news this morning: “Nearly all” customers had text and call data leaked in a massive cyberattack. We’re talking 95 million people.

“Kim, really? Another data breach?” I know, but don’t tune this one out. It has scary implications for your privacy.

What happened?

Hackers broke into a third-party cloud platform AT&T used to store customer data. More specifically, the breach included records of phone calls and texts of cellular customers, wireless network customers and landline customers between May 2022 and October 2022 and Jan. 2, 2023.

​​Some stolen records also include cell site IDs. This is where things get especially scary. Those records can be used to track a phone’s location, intercept or block calls, and create fake cell towers for eavesdropping.

The stolen data doesn’t include the contents of those phone calls and text messages — but I’d argue all that location data might be worse.

Picture it: Someone with enough info to “watch” you leaving your home for work, to run errands, to go to a doctor’s appointment — all just based on tower pings from calls and texts sent along the way.

AT&T says hackers didn’t steal dates of birth and Social Security numbers, and what they did get doesn’t include timestamps. The data will reveal which customers interacted and how often but not exactly when the interactions occurred.

The breached data is publically available … yet. Of course, those responsible could choose to release the data or put it up for sale at any time, which they will do unless AT&T pays them off.

What now?

This is still a developing story, but we do know AT&T has closed off the cyberattack’s access point and is working with law enforcement. This all happened back in April, FYI. So far, at least one person involved has been apprehended.

If your data was included in this latest breach, you’ll hear about it by text or email or get something in the mail. Assume it’s you if you were an AT&T customer between May and October 2022 or on Jan. 2, 2023.

Your safety checklist

The official word from AT&T is that no personal information was breached … this time. If you’re a customer, it’s in your best interest to take these steps ASAP:

• Update all your account passwords immediately. This includes the PIN used to lock down your account (you’ll need to call AT&T to change that), your online account login and even your phone’s PIN for good measure.
• Monitor your account for unusual activity, like overage warnings when you never get those or evidence someone else is accessing your account. Contact AT&T right away if you notice anything suspicious.
• Switch to a safer way to 2FA. Getting text codes to log into your accounts is inherently risky. Your best bet is to use an authenticator app. Here’s a guide on how to set that up.
• As with any breach, monitor your credit card and bank accounts. Contact your bank right away if you notice strange charges or activity.
• Wipe your personal info from the web. Data-broker and people-search sites are known for buying leaked details like this to make more detailed packages about you. You can delete yourself from those sites one by one, but it’s hard and frustrating. I use Incogni to do the hard work for me.

Now, do the people in your life a favor and share this alert. Again, every single AT&T customer should consider themselves part of this breach, along with anyone who called an AT&T customer.

Your info is for sale everywhere. Between data brokers, advertisers, stalkers and scammers, everything from your personal cellphone number to your Social Security number is floating around the web for anyone willing to pay.

Everyone I know has lived in multiple places, had several phone numbers and used more than one email address over the years. I sure have. That’s why I’m so excited about this new, very awesome feature from my privacy and identity theft protection pick. I was a customer before they were an advertiser.

With Incogni, you can now remove your personal info from scummy people-search sites and data brokers’ databases, like your Social Security number, addresses, phone numbers and more, all for:

• 3 email addresses
• 3 physical addresses
• 3 phone numbers

Even just putting in my current cell number and primary email address has cut my spam and scam texts and calls down to zero. That’s right, I get no more spammy texts and calls. Now, Incogni will have even more ammo to find profiles that contain bits and pieces of my info.

Already have an account? Go to your Incogni dashboard and add your extra email addresses, physical addresses and phone numbers. Yep, this huge upgrade is free for you.

If you’re new to Incogni, it’s the perfect time to sign up. You won’t be disappointed. Incogni is an incredible service I’m proud to recommend to you because it works.