A new warning has been issued for AT&T customers following a major data breach that compromised the personal information of up to 86 million individuals.
This breach, first reported in 2024, resurfaced online when cybercriminals reportedly sold the stolen data on underground forums, increasing the risk of identity theft.
The exposed information includes highly sensitive data such as names, email addresses, phone numbers, and social security numbers.
According to a statement from AT&T, the breach was investigated by both internal teams and external consultants, but the company has not revealed much additional detail about the incident.
Newsweek reported that law enforcement has been notified of the situation.
What Happened: The AT&T Data Breach
In 2024, AT&T, one of the largest telecommunications providers in the world, suffered a significant data breach.
Hackers stole a database containing sensitive information from millions of customers. The compromised data includes names, email addresses, phone numbers, and, most alarmingly, nearly 44 million social security numbers.
This data has now been found for sale on Russian cybercrime forums, raising the risk of widespread identity theft.
According to cybersecurity researchers, the database containing up to 86 million AT&T customer records is being sold on Russian cybercrime forums, intensifying the international nature of this threat.
The Risk: Identity Theft and Cybersecurity Concerns
The stolen database contains enough sensitive information for cybercriminals to steal the identities of countless individuals. As security expert Jasdev Dhaliwal from McAfee explains, “now is the time to take action.” The sale of this data in cybercrime circles increases the likelihood of it being used for malicious purposes, including identity theft and fraud. Dhaliwal added:
“If you’re an AT&T customer, now’s the time to take action. A previously reported data breach has exposed personal information from millions of accounts—and that data is reportedly up for sale on underground hacking forums.”
The theft of nearly 44 million social security numbers is particularly alarming, as these numbers can be used for various types of fraud, including tax-related identity theft.
Steve Weisman, a cybersecurity expert, further stressed the importance of protecting one’s social security number, noting:
“Anyone can get scammed and your Social Security number can be obtained by identity thieves in a multitude of ways including data breaches – He also advised consumers to get a PIN each year from the IRS.”
“So that even if someone has your Social Security number, they won’t be able to file a tax return in your name with your Social Security number that would be accepted.”
How AT&T Customers Should Respond
AT&T customers are advised to take immediate steps to protect their personal information.
McAfee suggests checking credit reports for unfamiliar accounts and changing passwords to more secure, unique options.
Additionally, cybersecurity expert Steve Weisman recommends protecting your social security number by obtaining an IRS PIN to prevent tax-related identity theft.
AT&T’s Response: Investigation and Ongoing Actions
In response to the breach, AT&T has confirmed that the leaked data matches information stolen in 2024 and has been repackaged and sold on dark web forums. In a statement to Newsweek, an AT&T spokesperson said:
“After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024. Affected customers were notified at that time. We have notified law enforcement of this latest development.”
AT&T has previously notified affected customers and is working with law enforcement to address the situation. The company is also continuing to monitor for any further developments.
What Comes Next for AT&T Customers
AT&T customers must remain vigilant. While the company has taken steps to notify customers and inform law enforcement, the threat of identity theft remains.
It is important for affected individuals to continue monitoring their accounts and credit reports for any suspicious activity.
This incident serves as a reminder of the importance of robust cybersecurity practices, particularly for large organizations handling vast amounts of personal data.
As breaches like these become more common, both companies and consumers must prioritize online security.
