Telecom carrier AT&T is facing a major cybersecurity breach, reportedly affecting personal data of some 86 million existing and former customers.
Today’s breach appears to be especially concerning due to the disclosed ability of the thieves to decrypt already-encrypted social security numbers (SSNs) and other sensitive personal data, making identity theft and other forms of financial fraud that much easier.
Hackers made off with AT&T customer data last May and posted it on a well-known Russian cybercrime forum, a disclosure a security researcher said they have only recently been aware of.
The database, which was then re-uploaded on June 3, 2025, is currently being distributed among cybercriminal circles. According to preliminary analysis by cybersecurity professionals, the CyberNOR data dump contained 88.3 million records, and after removing duplicates ended up with 86,017,090 unique customer profiles.
That stolen information includes full names, birth dates, phone numbers, email addresses — and, crucially, decrypted Social Security numbers, with approximately 44 million records holding these extremely sensitive identifiers.
Unlike in the past when SSNs were encrypted or masked, those numbers are now in clear text – allowing malicious actors to easily conduct identity theft, financial fraud, social engineering attacks, account takeovers, and credit fraud.
AT&T has stated that data-specific fields were included in a dataset posted on the dark web, but continues to investigate the source of the data, including whether it originated from its own systems or from a third-party vendor.
The breached data appears to date to 2019 or earlier and includes both current and former AT&T account holders.
This isn’t the first time AT&T has had a massive data spill, either — the company’s exposed personal customer data in both March and April of 2024.
Those previous breaches, one of which affected about 73 million customers, raised questions about the company’s security and its use of at times antiquated software or at risk cloud databases.
Customers are encouraged to monitor all three of their credit reports closely (Experian, Equifax, TransUnion), place fraud alerts on their credit files, and consider credit freezes to prevent unauthorized account opening. And critically, reviewing bank and credit card statements for unusual activity.
The breach shines a light on fundamental, systemic weaknesses in telecommunications infrastructure, but also on the state of encryption among the largest players in a carrier-focused industry.
Cybersecurity experts expect this incident to bring greater regulatory scrutiny and potentially new data protection requirements for telecommunications carriers. AT&T has not formally established a customer notification system, but it has said it “will provide notification to affected customers” and provide credit monitoring if applicable.
