Last month, an online hacker claimed to have obtained the personal information of 72.6 million AT&T customers.

According to reports, the breach includes AT&T customers’ names, addresses, mobile phone numbers, decrypted dates of birth, encrypted social security numbers, and other corporate information. AT&T has now admitted that the data was released, but there is no indication that the leak originated on its servers, leading many to suspect that a third party leaked the data.

READ MORE: Ahead Of The Holidays, AT&T Is Offering Up To $1,000 Off New iPhones And Galaxy Upgrades

With this confirmation, AT&T stated over the weekend that it will provide current and previous customers with a free year of Experian’s IdentiyWorks service to help protect their online identities. If you are eligible for this deal, you should have gotten an email from AT&T. Make sure to carefully study your email before deleting it.

According to reports, data from 7.6 million current and 65 million previous consumers was exposed. AT&T issued the following statement on its website:

READ MORE: In 2024, Cookies Will Eventually Die. Here’s Why Advertisers Should Rejoice About This Upgrade

It has come to our attention that certain AT&T passcodes have been hacked. We are contacting all 7.6 million impacted clients and have reset their passcodes. In addition, we will communicate with current and previous account holders who have compromised sensitive personal information.

Our internal teams are collaborating with external cybersecurity specialists to assess the situation. To the best of our knowledge, the hacked data appears to be from 2019 or earlier and does not include personal financial information or phone records.

The data was originally offered for sale in 2021, but it is now available for free online. BleepingComputer claims to have evaluated the data and can confirm that some of the 72.6 million lines are correct, including social security numbers, residences, dates of birth, and phone numbers.

Be wary of any calls or texts purporting to be from AT&T. The disclosed data can be used to launch targeted attacks on AT&T subscribers.

So, what should you do if you are an AT&T customer whose data may have been released online?

Here are a few actions you can do to better protect yourself. While nothing you do can completely prevent you from an attack or someone using your information against you, these steps will assist to reduce the risk and make it much more difficult for scammers.

Step 1: Check your passwords.

If you’re like many individuals, you reuse passwords across multiple accounts. It’s a terrible practice, but considering how many accounts people manage, it’s reasonable that they’d stoop to it. If one of those passwords is compromised, a hacker could gain access to a variety of accounts and services under your name.

So, if you are someone who uses the same password again, change it!

Better still, sign up for a password manager, which will generate unique, complex passwords for all of your accounts, allowing you to remember only one.

However, keep in mind that password managers, such as Lastpass, can be compromised, as happened late last year. Bitwarden provides a pretty complete version of their password management software for free, but providers such as 1Passworld and Dashlane provide more bells and whistles for a higher price.

Just keep in mind that they are not immune to attacks (as Lastpass demonstrated), so you may need to be prepared to switch services if one fails to sufficiently protect you.

Step 2: Two-factor authentication.

Adding a second layer of security to your most important accounts is also essential. That frequently involves two factor authentication, in which you are given a second, randomized password or pin number to input in addition to your ordinary password, confirming that you are, in fact, you.

This is a function provided by all banks and many services, so make use of it wherever available.

Many provide text message-based multi-factor authentication, but considering how readily your cellphone number may be compromised, security experts urge utilizing an app-based authentication program such as Google Authenticator or Authy. For individuals who are especially attentive, a physical fob like one from Yubikey is the best choice.

Step 3: Work with credit agencies.

You can place a fraud alert with the three credit bureaus: Experian, TransUnion, and Equifax. If someone files a credit application in your name, the agencies will contact you for verification.

Keep in mind that the fraud alert is only valid for one year, after which you can manually extend it.

You can also request to freeze or lock your credit, which limits or prevents other firms from accessing it. Keep in mind that this can be inconvenient if you’re signing up for internet service, as the freeze prevents the company from accessing your data.

Step 4: Continue monitoring your credit and accounts.

Even once you have locked down your credit, you must continue to monitor your various accounts. However, this can be extremely stressful at times, and it is only natural for that attentiveness to decrease with time.

You can join up for a program like Norton LifeLock or American Express CreditSecure to keep track of your accounts and passwords. These services monitor whether your passwords or accounts have been compromised and send you regular updates.

At this stage, it’s also a good idea to check any dormant accounts, whether they’re old emails or for a retailer, and close them. The smaller your digital trace, the more difficult it is for a scammer to detect you.