AT&T customers should be aware that sensitive information, including birth dates and social security numbers, has resurfaced online in plain text. This data, originally stolen in a significant breach in 2024, was noted to have been compromised by the ShinyHunters hacking group, which exploited security vulnerabilities to gain access to the company’s database containing approximately 86 million records. In a recent update, AT&T clarified that, contrary to earlier reports, the customers’ sensitive data was not encrypted when it was originally stolen.
This revelation underscores the severity of the breach and the ongoing risks to affected customers. Although AT&T provided a year of credit monitoring and identity theft protection to individuals whose personal information was compromised, this protection is about to expire. Once the free monitoring period ends, customers who do not choose to extend their service may be left vulnerable, especially with the repackaged database still circulating online.
The leaked information includes full names, birth dates, phone numbers, email addresses, physical addresses, and around 44 million social security numbers. Cybercriminals can use this data to create customer profiles that facilitate identity theft and other fraudulent activities. By exploiting this information, hackers can potentially request new SIM cards, enabling them to take control of victims’ mobile accounts and access financial details.
AT&T has acknowledged the situation, stating that it is not unusual for criminals to repackage stolen data for financial gain. The company is conducting a full investigation and has informed law enforcement about the resurgence of this compromised data. In light of these developments, it is advisable for AT&T customers to update passwords related to their accounts and establish fraud alerts to strengthen their security against potential malicious attacks.