CyberGuard

Cybersecurity & Privacy Protection

AT&T's Stolen Customer Data Resurfaces: New Dangers Lurk for Millions

Hackers are dusting off old AT&T customer data from breaches dating back to 2019, exposing millions to fresh threats like identity theft and targeted scams.[3][4] This resurgence, highlighted by cybersecurity firm Malwarebytes, shows how stolen information never truly dies - it circulates endlessly online, fueling new attacks.[3] If you're an AT&T customer, past or present, your personal details could be weaponized right now.

Background/Context

AT&T has battled multiple data incidents over the years. In 2021, a hacking group called ShinyHunters claimed to steal data from AT&T and tried selling it for $1 million on cybercrime forums.[3][4]

That dataset included names, addresses, phone numbers, dates of birth, email addresses, and even Social Security numbers for over 70 million accounts.[2][3] Fast-forward to March 2024: another hacker, MajorNelson, dumped a massive 5GB archive of the same data publicly - not hidden on the dark web, but accessible via any browser.[2][3]

AT&T initially denied the data came from its systems.[3][5] But after security researchers found valid AT&T passcodes in the files, the company admitted on March 30, 2024, that the leak impacted 7.6 million current and 65.4 million former customers and that the data likely dated from 2019 or earlier.[2][5] They reset passcodes for affected accounts and offered credit monitoring.[5]

A separate breach hit in July 2024 via a third-party cloud platform, Snowflake. Hackers accessed call and text metadata for nearly all AT&T mobile customers from May to October 2022, plus January 2, 2023 - including cell tower locations but no call content.[1][4] AT&T paid a $373,646 ransom to ShinyHunters to delete this data.[1]

These events tie into broader telecom vulnerabilities. Stolen data from years ago often resurfaces as hackers decrypt files or combine datasets for bigger payloads.[3][4]

Main Analysis

Malwarebytes warns that this old data is "resurfacing" with amplified risks because it's now fully decrypted and freely available.[3][4] The 2021/2019 dataset, once encrypted, now includes unscrambled Social Security numbers and dates of birth for most records.[3]

Security experts verified chunks of the data as legitimate AT&T customer info.[3][7] Combined with the 2024 Snowflake metadata, attackers can link phone numbers to names, locations, and habits - piecing together daily routines.[1]

AT&T's response evolved slowly. They launched investigations with external experts but found "no evidence of unauthorized access" initially.[5][7] By April 2024, they confirmed that 73 million people were affected.[4] In the Snowflake case, they sealed vulnerabilities and enhanced protocols like multifactor authentication (MFA).[1]

Lawsuits piled up fast. A class action accused AT&T of negligence for weak Snowflake security - no MFA in place.[1] Hackers faced arrests over the Snowflake breach.[4]

Malwarebytes offers a free Digital Footprint Portal tool: enter your email to scan for exposure in this breach.[4] It's a quick check showing if your data leaked and from where.

In practical terms, if scammers have your Social Security number and call logs, they might spoof your phone for SIM-swapping attacks - hijacking your number to drain bank accounts.

Real-World Impact

Over 73 million people - nearly all AT&T mobile users at some point - face ongoing harm.[2][4] Identity theft spikes: thieves use names, SSNs, and addresses for fake loans or tax fraud.[4][6]

Scammers target victims with neighbor spoofing, using leaked phone metadata to fake local calls pushing phishing links.[1][3] Location data from cell towers reveals home/work spots, enabling stalking or burglaries.[1]

Financially, AT&T agreed to a $177 million settlement in 2025 for both breaches.[4][6] Affected customers could claim up to $7,500, covering out-of-pocket losses, credit monitoring, and time spent.[6] A federal judge granted preliminary approval; final hearing was January 15, 2026.[6]

Washington stepped in too - investigations and lawsuits highlight telecoms' sloppy vendor security.[1] Everyday users waste hours freezing credit or spotting fake bills, eroding trust in big carriers.

Different Perspectives

AT&T maintains the data might stem from vendors, not direct hacks.[5][7] They dispute negligence claims, settling to dodge litigation costs, and insist operations weren't materially hit.[5][6]

Critics like law firms and Malwarebytes call this denial tone-deaf.[2][3][4] Cotchett, Pitre & McCarthy notes AT&T delayed disclosure despite evidence circulating since 2021.[2] Wired exposed the ransom payment, questioning if it encouraged more attacks.[1]

Experts side with users: even old data is dangerous when combined.[3][7] DefenseStorm urges proactive steps like credit freezes regardless of AT&T's source debate.[7]

Key Takeaways