AT&T hit by major data breach; probe underway

The data breach, reportedly impacting a majority of AT&T 100 million US customers, surfaced on a Russian cybercrime forum in May and was re-uploaded in June with 16 million more records, suggesting a potentially broader compromise

US telecom giant AT&T is investigating new claims of a significant data breach involving sensitive information of more than 86 million customers, raising fresh concerns about cybersecurity in the country’s telecom sector. The compromised data is said to have resurfaced on dark web forums, containing personal details such as full names, birth dates, contact numbers, email addresses, physical locations, and, in some cases, Social Security Numbers (SSNs).

The breach reportedly affects a large portion of AT&T’s nearly 100 million-strong customer base across the United States. According to cybersecurity platform HackRead, the data—allegedly fully decrypted—was originally posted on a Russian cybercrime forum in May and re-uploaded in early June. The latest version of the leak appears to contain 16 million more records than previously linked data sets, prompting speculation that this could be part of a broader compromise.

A major concern is the potential for identity theft, as the combination of personal data and SSNs could be used to build full identity profiles. Experts warn that such information, when exposed in its raw form, gives cybercriminals tools for sophisticated fraud schemes.

Breach linked to ShinyHunters group

The attack is believed to have exploited accounts lacking multi-factor authentication (MFA). Investigators have linked the breach to the ShinyHunters hacking group, known for their involvement in a 2024 data breach. Some sources also suggest that the leak may be associated with the Snowflake breach, though the connection remains unconfirmed.

In a response shared with HackRead, an AT&T spokesperson stated, “Cybercriminals often repackage previously exposed data for resale. We are aware of recent claims and are conducting a thorough investigation.” The company added that internal reviews and independent cybersecurity consultants concluded the dataset mirrors information already leaked in March 2024.

“We notified affected customers during the initial breach and have reported this new claim to law enforcement,” AT&T added.

Pentester launches free exposure checker

To assist concerned users, cybersecurity firm Pentester has launched a free breach verification tool at npd.pentester.com, where individuals can check if their information has been compromised. Meanwhile, security experts are urging all AT&T customers to monitor their credit reports, change passwords, and activate multi-factor authentication wherever possible.

As the investigation continues, the incident underscores the growing challenge of protecting vast data repositories in the face of persistent cyber threats.