Massive AT&T Data Breach: 86 Million Records, Decrypted SSNs Leaked

A major security incident has come to light, with hackers leaking what appears to be a massive database containing records of 86 million AT&T customers. The leaked data includes a trove of sensitive personal information, raising serious concerns about identity theft and fraud.

The breach was first reported on a Russian cybercrime forum on May 15, 2025, and resurfaced on June 3, 2025, before spreading across various hacking communities. Initial reports suggested the database contained 70 million records, but an analysis reveals a significantly larger number of affected individuals.

What Data Was Leaked?

The leaked database includes a wide range of personal data, including:

  • Full names
  • Dates of birth
  • Phone numbers
  • Email addresses
  • Physical addresses
  • A staggering 44 million Social Security Numbers (SSNs)

What makes this breach particularly alarming is the claim that the Social Security Numbers (SSNs) were originally encrypted but have since been decrypted and are now available in plain text. This significantly increases the risk of identity theft for affected customers.

If you are an AT&T customer, it is crucial to understand that your SSN may be compromised.

Is This Related to the Snowflake Breach?

The hackers responsible for the leak claim the data originates from the April 2024 breach of AT&T’s Snowflake cloud environment. That earlier breach compromised call and text metadata of approximately 110 million customers.

However, there are discrepancies. While the current leak contains a larger number of records (86 million compared to the claimed 70 million), it doesn’t fully align with the data exposed in the Snowflake incident. The current leak contains decrypted SSNs, a factor not present in the initial Snowflake breach reports.

It’s important to note that AT&T has a history of data breaches. In August 2021, ShinyHunters, a notorious hacking group, claimed to possess data of over 70 million AT&T customers. While initially denied, AT&T later acknowledged that breach in April 2024.

Similarities to Previous Leaks

Analysts have identified similarities and differences between the current leak and the April 2024 incident. The 2024 leak was disorganized and difficult to analyze. The latest leak is well-structured and includes decrypted SSNs that were previously encrypted.

Matching customer names, email addresses, addresses, and phone numbers have been found across both leaks. However, the higher record count in the current leak raises questions about its true origin.

Expert Analysis

“The original breach of sensitive records from AT&T was enough to worry their customers, now it poses a significant risk to their identities,” said Thomas Richards, Infrastructure Security Practice Director at Black Duck. “With both date of birth and SSNs being compromised, malicious actors have all the information they need to commit fraud and impersonate AT&T customers.”

What Should AT&T Customers Do?

Given the severity of the breach, AT&T customers should take immediate steps to protect themselves:

  • Monitor your credit reports for any signs of unauthorized activity.
  • Consider placing a fraud alert or credit freeze on your accounts.
  • Be wary of phishing emails or phone calls requesting personal information.
  • Change your passwords on all online accounts, especially those associated with AT&T.

AT&T’s Response

AT&T has acknowledged the claims and stated they are conducting a full investigation:

“It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain. We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation.” – AT&T

This is a developing story, and we will update this article as more information becomes available. We have reached out to AT&T for further comment.