AT&T investigating massive data leak affecting millions of users

UPDATE: Jun. 11,关键字1 2025, 4:43 p.m. EDT AT&T has provided Mashable with an additional statement after conducting an internal investigation. "After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024. Affected customers were notified at that time. We have notified law enforcement of this latest development.” In addition, AT&T offered affected customers credit monitoring and identity theft protection services.You can read our original story below.

If you are one of the more than 100 million people who use AT&T, you might want to take stock of your data.

Hackers said they accessed and leaked millions of AT&T customers' private information after the ShinyHunters group allegedly stole the data in April 2024, according to a new report from Hack Read. The report claimed some 86 million AT&T customer records have been leaked, including full names, dates of birth, phone numbers, email addresses, physical addresses, and social security numbers. In total, Hack Read reported that 44 million social security numbers were included in the leaked data.

The social security numbers and birth dates were encrypted in the original hack by the ShinyHunters group, a leak that was made possible by security flaws in the Snowflake cloud data platform, as Mashable previously reported. Now, Hack Read has reported that this sensitive data is now decrypted.

We asked AT&T about the reported leak of their customer data. An AT&T spokesperson told Mashable in a statement that "it is not uncommon for cybercriminals to re-package previously disclosed data for financial gain."

"We are aware of claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation," the spokesperson added.

• Coinbase breach affected nearly 70,000 members and involved $20 million ransom
• Valve responds to Steam security breach, and it isn't as bad as it sounded
• Massive breach of Elon Musk's X allegedly leaks over 200 million users' email addresses

So, if you're an AT&T customer, this means your valuable private data could be part of this new leak. However, if your data was exposed in this leak, it was likely — although not certainly — already exposed in the August 2024 National Public Data breach. Mashable previously reported on this breach, which exposed "three decades’ worth of Social Security numbers on the online black market."

You can find out if your data was exposed in that breach by using a tool from Pentester, a cybersecurity firm, to check. Visit npd.pentester.com, enter your information, and see your list of breached accounts.