Major data breach exposes 86M AT&T customer records, including social security numbers — here's how to know if you were affected

New York Post

a day ago

AT&T has experienced a massive personal data breach, so if you're one of the more than 100 million people who use the company, you'll want to be on guard.
According to a report from Hack Read, more than 86 million customers have been affected with leaked details ranging from full names to dates of birth, phone numbers, email addresses and physical addresses.
It's reported that more than 44 million Social Security Numbers were also included in the data leak.
Advertisement
While each of these data sets poses privacy risks on their own, together they could create full identity profiles that could be exploited for fraud or identity theft.
The stolen data is reportedly fully decrypted and was first posted to a Russian cybercrime forum on May 15 before being re-uploaded on the same forum on June 3.
Hackers reportedly accessed data by getting into accounts that lacked multi-factor authentication, and this leak appears to be linked to an original hack by the ShinyHunters group in April 2024.
Advertisement
'It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain,' an AT&T spokesperson told Hack Read in a statement.
'We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation.'
The original seller of the exposed data claimed that this leak is 'originally one of the databases from the Snowflake breach' — but according to Hack Reads analysis, there are about 16 million more records in this breach than the previous one.
The leak reportedly included full names, dates of birth, phone numbers, email addresses, physical addresses and social security numbers.
AFP via Getty Images
Advertisement
AT&T also acknowledged the security researchers' doubts that this breach was linked to the original 2024 breach.
'After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024,' the company said in a statement.
'Affected customers were notified at that time. We have notified law enforcement of this latest development.'
If you're an AT&T customer, it's possible your personal and private data could be part of the leak. Though if your data was leaked in this hack, it's likely because it was already unprotected in the August 2024 National Public Data breach, which exposed 'three decades' worth of Social Security numbers on the online black market.'
Advertisement
'After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024,' AT&T said in a statement.
LightRocket via Getty Images
To check if your information was leaked in that breach, you can check through Pentester, a cybersecurity firm, by going to npd.pentester.com and entering your information, which will allow you to see a list of your breached accounts.
Security experts are also urging customers to keep an eye on their credit reports.
AT&T said it 'offered credit monitoring and identity theft protection to those customers whose sensitive personal information was compromised as part of the notice in 2024.'