A major cybersecurity threat is resurfacing, putting the personal data of millions of Americans at risk. This threat involves AT&T, one of the largest telecommunications companies in the United States. The company faces a massive data leak involving sensitive information, including about 44 million Social Security numbers.
According to cybersecurity experts, a database containing approximately 86 million AT&T customer records was originally stolen during a data breach in 2024. Although the company acknowledged the breach and offered protection services to all affected users, the same data is now being sold again, reportedly by Russian hackers on underground forums.
The leaked data includes full names, email addresses, mail addresses, phone numbers, birth dates, and most alarmingly, Social Security numbers (SSNs) in plain text. This means that the most critical data required for identity theft is available and accessible to criminals.
McAfee Expert Urges Customers to Take Action
Cybersecurity specialists are urging customers to take this threat seriously, even if they had been previously informed by AT&T.
“If you’re an AT&T customer, now’s the time to take action. A previously reported data breach has exposed personal information from millions of accounts — and that data is reportedly up for sale on underground hacking forums,” said Jasdev Dhaliwal, a consumer security and online privacy expert at McAfee.
He also warned that the leaked data is sufficient and comprehensive enough to enable criminals to impersonate individuals, open fraudulent accounts and file false tax returns.
AT& Responds
According to AT&T, the leaked data matches the same data that had been compromised back in March 2024. In a public statement, a company spokesperson clarified:
“After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024. Affected customers were notified at that time. We have notified law enforcement of this latest development.”
AT&T also disputed claims that Social Security numbers were originally encrypted.
“Both [Social Security numbers and birth dates] were available in plain text in the original compromised dataset from 2024,” the company added.
What AT&T Users Need to Do to Secure Their Data
Experts say that, in addition to AT&T’s efforts to address the matter, the danger posed to customers is very real and ongoing because the data is being traded and viewed on cybercrime forums today. This means that the data will likely be misused. According to Steve Weisman, a cybersecurity expert and author of the Scamicide newsletter, stolen SSNs can be misused in several ways.
“Anyone can get scammed, and your Social Security number can be obtained by identity thieves in a multitude of ways, including data breaches.”
He advises users to use an IRS-issued PIN when filing taxes to prevent scammers from submitting fraudulent tax returns in your name.
If you are an AT&T customer, especially before the data breach occurred, here are some steps you should take immediately:
- Check your credit report for unfamiliar accounts or inquiries.
- Change your AT&T account password immediately, and use strong, unique credentials.
- Consider freezing your credit to prevent unauthorized accounts from being opened.
- Sign up for identity theft protection, particularly if you weren’t previously notified by AT&T.
- Request an IRS Identity Protection PIN (IP PIN) to secure your tax filings.
Conclusion
Although AT&T claims that this is not a new data breach, the appearance of sensitive personal data in public hacker forums means that the risk is high at the moment. Identity theft is now a looming threat, considering that SSNs, dates of birth, and other critical data are out in the open.
Cybersecurity experts are urging customers to take the matter seriously and take preventive action to secure your identity before it’s too late.