Text and phone data for hundreds of millions of AT&T customers was exposed through a massive hack. Here’s how to know if your information was exposed and what you should do next:

What happened?

According to AT&T, the customer data was illegally downloaded from a third-party cloud platform. The company reportedly learned of the hack in April.

What information was included

The hack was massive, involving 109 million customers. The data includes phone calls and text messages of nearly all AT&T customers from May 1, 2022 to Oct. 31, 2022, as well as some data from Jan. 2, 2023. It also includes other phone numbers that an AT&T wireless customer interacted with during the same time, including landlines.

What information wasn’t included

The downloaded data doesn’t include the content of the calls or texts, or times the calls or texts were made. It also doesn’t have details such as Social Security numbers, birth dates, or other personally identifiable information.

It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information. And while customer names weren’t included, there are ways to find out names associated with phone numbers using online tools, AT&T reported.

What AT&T said

“At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended,” the company said in a statement.

Reuters reported the FBI is investigating the incident and at least one arrest has been made.

How to check if your data was included

If your account was included AT&T said they would contact you by text, email, or U.S. mail.

You can also check if their data was compromised – including texts and phone numbers included in the download – by logging onto their accounts.

What about identity theft protection?

A company spokesperson told CBS Money Watch the company isn’t providing identity theft protection at this time.

How to protect yourself

AT&T has offered a list of good cyber habits to help keep your data safe.

Among the suggestions:

• Only open text messages from people that you know and trust. Do not reply to a suspicious text.
• Don’t reply to a text from an unknown sender with personal details.
• Go directly to a company’s website. Don’t use links included in a text message. Scammers can build fake websites using forged company logos, signatures, and styles.
• Make sure a website is secure by looking for the “s” after the http in the address. You can also look for a lock icon at the bottom of a webpage.