In a significant cybersecurity incident, personal information of approximately 86 million AT&T customers has been leaked online. Hackers have reportedly decrypted previously protected Social Security numbers (SSNs) and disseminated the data on various cybercrime forums.
Discovery and Scope of the Breach
The breach first came to light on May 15, 2025, when a dataset believed to be from AT&T’s database was posted on a prominent Russian cybercrime forum. This dataset was re-uploaded on June 3, 2025, and has since been widely circulated among cybercriminal communities.
The leaked dataset comprises 88,320,018 records, with 86,017,090 unique entries after removing duplicates. The compromised information includes:
– Full names
– Dates of birth
– Phone numbers
– Email addresses
– Physical addresses
– Social Security numbers (SSNs)
Notably, 43,989,219 records contain SSNs that were originally encrypted but have now been decrypted and exposed in plain text.
Breach Summary
| Detail | Information |
|————————|—————————————————————————–|
| Date of Leak | First posted May 15, 2025; re-uploaded June 3, 2025 |
| Source of Leak | Russian cybercrime forum; later circulated among hackers |
| Claimed Number of Records | 70 million customer records (before deduplication) |
| Actual Unique Records | 86,017,090 unique entries |
| Total Records | 88,320,018 |
| Data Included | Full names, dates of birth, phone numbers, emails, addresses, 43,989,219 SSNs |
| Encryption Status | SSNs and dates of birth originally encrypted; now decrypted in plain text |
Implications of Decrypted Data
The decryption of SSNs and dates of birth significantly heightens the risk of identity theft, financial fraud, and social engineering attacks. With access to such comprehensive personal profiles, malicious actors can more easily impersonate individuals, apply for credit in their names, or gain unauthorized access to sensitive accounts.
Connection to Previous Breaches
This incident is linked to a series of prior breaches involving AT&T:
– April 2024 Breach: The hacking group ShinyHunters exploited vulnerabilities in Snowflake, a cloud storage platform, affecting 110 million AT&T customers. This breach primarily involved metadata associated with calls and text messages, including phone numbers and call durations. Importantly, the content of the communications and specific timestamps were not compromised. Some cell site location data was also stolen, potentially allowing attackers to approximate the general location of communication activity. ([news.networktigers.com](https://news.networktigers.com/hacker-files/att-data-breach-exposes-millions-of-customers/?utm_source=openai))
– August 2021 Breach: ShinyHunters claimed to have accessed data affecting 70 million AT&T customers. AT&T acknowledged this breach in April 2024, stating that the data appeared to be from 2019 or earlier, impacting approximately 7.6 million current account holders and 65.4 million former account holders. The compromised information included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes. ([arstechnica.com](https://arstechnica.com/tech-policy/2024/04/att-acknowledges-data-leak-that-hit-73-million-current-and-former-users/?utm_source=openai))
The current leak is particularly concerning because it includes decrypted SSNs, which were encrypted in the earlier breaches.
AT&T’s Response and Legal Actions
As of now, AT&T has not issued an official statement confirming or addressing this latest data leak. This silence contrasts with its previous responses to security incidents, where the company typically provided public notifications and protective measures for affected customers.
In response to earlier breaches, AT&T reset passcodes for millions of customers and offered credit monitoring services. The company also faced multiple class-action lawsuits alleging inadequate protection of customer data. For instance, in April 2024, AT&T faced lawsuits over a data breach affecting 73 million customers, with allegations that the company failed to adequately protect customers’ personal data, leading to the exposure of sensitive information. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/?utm_source=openai))
Recommendations for Affected Customers
Given the severity of this breach, current and former AT&T customers are advised to take the following steps:
1. Monitor Financial Accounts: Regularly check bank and credit card statements for unauthorized transactions.
2. Credit Monitoring: Enroll in credit monitoring services to receive alerts about suspicious activities.
3. Fraud Alerts and Credit Freeze: Place fraud alerts on credit reports and consider freezing credit to prevent new accounts from being opened in your name.
4. Change Passcodes and Passwords: Update AT&T account passcodes and any other accounts using similar credentials.
5. Be Vigilant Against Phishing: Be cautious of unsolicited communications requesting personal information, as attackers may use the leaked data for targeted phishing attempts.
Conclusion
The exposure of 86 million AT&T customer records, especially with decrypted Social Security numbers, represents a significant escalation in data breaches affecting the telecommunications giant. The incident underscores the critical importance of robust data protection measures and prompt, transparent communication with affected individuals. Customers are urged to take proactive steps to safeguard their personal information and remain vigilant against potential misuse.
