Over 86 million AT&T customers have had their personal data compromised in a significant data breach, with Social Security numbers that were fully decrypted now available on the dark web.

The stolen data was posted to a Russian cybercrime forum on June 3. 

The files contain full names, birthdates, phone numbers, email addresses, home addresses, and 44 million Social Security Numbers in plain text. 

The breach is believed to be associated with a large cyberattack that targeted vulnerabilities within Snowflake, a cloud storage platform widely utilized by major corporations for handling confidential information.

According to reports, hackers managed to breach AT&T’s data by exploiting accounts that did not have multi-factor authentication, which is a fundamental security measure necessitating more than just a password for access.

To check if your data was exposed in the breach, visit the cybersecurity firm’s website at npd.pentester.com. Enter your information to see if any of your accounts were affected.

Security researchers are urging customers to monitor their credit reports and take immediate steps to protect themselves. Law enforcement is actively investigating. 

The files are being widely shared across cybercrime forums, repackaged into three cleanly formatted CSV files that make them easier to access and exploit.

The files contain full names, birthdates, phone numbers, email addresses, home addresses, and alarmingly, 44 million Social Security Numbers (SSN) in plain text

AT&T said the hack impacted 86 million former and current customers. It said the Russian hacking group ShinyHunters was behind the breach. 

Around 73m customers included in the hack had their data originally stolen in 2019 and were notified at the time.

However, the group appears to have accessed more records since then. 

‘After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web,’ said AT&T in a statement. 

‘Affected customers were notified at that time. We have notified law enforcement of this latest development,’ the spokesperson added.

Cybersecurity researchers at Hackread, who first analyzed the files, found matching customer names, email addresses, physical addresses, and phone numbers across both the previous leak and the latest dataset. 

The leak has been linked to the hacking group ShinyHunters, which claims to have stolen the data.

Security researchers are urging customers to monitor their credit reports and take immediate steps to protect themselves. Law enforcement is actively investigating

ShinyHunters, the group linked to both AT&T breaches, is also behind the recent Ticketmaster breach that compromised data on 560 million people. 

Their growing list of high-profile leaks has prompted US lawmakers to demand answers.

Senators Richard Blumenthal (Connecticut) and Josh Hawley (Missouri) have called on both AT&T and Snowflake to explain repeated failures to protect customer data.

Experts say the exposure of decrypted SSNs and birthdates is especially damaging, as it enables criminals to open credit lines, impersonate victims, or apply for government services using stolen identities.

‘The original breach of sensitive records from AT&T was enough to worry their customers, now it poses a significant risk to their identities,’ said Thomas Richards, Infrastructure Security Practice Director at Black Duck.

AT&T paid a $370,000 ransom last year, in an attempt to have stolen customer data deleted. The payment, made in Bitcoin, was routed through an intermediary known as ‘Reddington.’

AT&T reportedly received a video showing the files being deleted, but experts say there’s no way to confirm the data wasn’t copied or shared before that.