A massive trove of AT&T customer records has surfaced on underground hacking forums, sending shockwaves through the telecommunications giant's user base. The database, containing highly sensitive personal information for tens of millions of individuals, was first spotted by security researchers in mid-2025 and has since proliferated across multiple cybercrime platforms. For AT&T subscribers, the exposure represents a nightmare scenario where names, physical addresses, phone numbers, email addresses, birthdays, and Social Security numbers are all available in one neatly packaged dataset.

at-t-s-latest-data-breach-exposes-86-million-customer-records-including-decrypted-social-security-numbers-image-0

The scope of the leak is staggering, with conflicting reports putting the number of compromised records at either 70 million or 86 million. Hackread, the cybersecurity outlet that broke the story, maintains that 86 million records are included in the database. The discrepancy in counts does little to soften the blow when the nature of the exposed data is examined. Researchers confirmed that the leak includes full names, birthdays, phone numbers, email addresses, physical addresses, and a jaw-dropping 43,989,219 Social Security numbers. Initially, the birthdays and SSNs were encrypted, but hackers have since managed to decrypt them, and the data now sits in plain text within the database's files.

The dark web advertisements first appeared on a Russian cybercrime forum on May 15, 2025, and were reposted on June 3. From there, the stolen information began circulating on other underground marketplaces, dramatically increasing the risk of widespread identity theft and fraud. The timing is particularly alarming because the database appears to be an amalgamation of data from multiple breaches, meticulously combined into three cleanly formatted CSV files that are easy to parse. Hackread's analysis describes the dataset as "well-structured, clearly formatted, and straightforwardly divided," making it effortless for even low-skilled threat actors to exploit.

at-t-s-latest-data-breach-exposes-86-million-customer-records-including-decrypted-social-security-numbers-image-1

This is not AT&T's first major security incident. A July 2024 breach affected nearly all of its cellular customers, though the company initially believed the stolen data had not been posted online. Earlier, in March 2024, another breach compromised customer data from 2019 and earlier, impacting 7.6 million existing customers and a staggering 65.4 million former subscribers. The current database for sale is suspected to have been compiled over time from various sources, including the notorious August 2024 National Public Data breach, in which a hacker leaked over 3.2 billion Social Security numbers. Unless AT&T officially confirms the origin, experts can only speculate, but the careful decryption and mapping of previously encrypted SSNs suggest a deliberate effort to create a comprehensive identity fraud toolkit.

The exposed data is a goldmine for scammers. With the following fields available in plain text, impersonation becomes trivial:

  • 📛 Full names

  • 🎂 Birthdays

  • 📞 Phone numbers

  • 📧 Email addresses

  • 🏠 Physical addresses

  • 🔑 Social Security numbers (over 43.9 million decrypted)

This combination allows criminals to bypass security questions, take over accounts, file fraudulent tax returns, and even open new lines of credit in victims' names. The risk extends beyond AT&T account holders themselves; friends, family, and colleagues can be targeted through social engineering attacks that leverage the leaked details to craft hyper-personalized phishing messages.

As of 2026, the database is still believed to be circulating, and many of the affected individuals remain unaware. Security experts emphasize that proactive measures are the only defense. The first line of action is to immediately change your AT&T account password and enable multi-factor authentication if you haven't already. Given the breadth of the exposed information, monitoring credit reports for any unusual activity has become essential. Freezing your credit at all three major bureaus—Experian, Equifax, and TransUnion—is a powerful, albeit temporary, shield against fraudulent accounts being opened in your name.

Beyond credit monitoring, it is crucial to remain hyper-vigilant against phishing attempts. Emails, text messages, and phone calls that reference your personal details may suddenly seem more convincing. Hackers armed with your full name, address, and birthday can craft messages that appear to come from your bank, a delivery service, or even a family member. Treat all unsolicited communications with skepticism, and never provide sensitive information unless you initiated the contact through a verified channel.

The incident serves as a stark reminder of the lasting consequences of data breaches. While AT&T continues to investigate and offer support to affected customers, the burden of protection largely falls on individuals. In an era where our digital identities are fragmented across countless breached databases, consolidating personal security practices is no longer optional—it is a necessity. For the tens of millions caught up in this latest exposure, the message is clear: assume your data is already in the wrong hands, and act accordingly.