Leaked Records Include Names, Decrypted Social Security Numbers and Addresses

Hackers released 86 million AT&T records containing decrypted Social Security numbers and personal data detailed enough to build full identity profiles for fraud and identity theft, researchers said Wednesday.
The leak included nearly 44 million Social Security numbers, full names, physical addresses and dates of birth, along with other personally identifiable information that poses serious privacy risks, Hackread reported. The data trove, which the hacking group ShinyHunters reportedly stole, was re-uploaded Tuesday to a popular Russian cybercrime forum where it was first posted. Wired reported in July 2024 that AT&T paid a hacker about $270,000 to delete the data (see: AT&T Allegedly Pays Ransom After Snowflake Account Breach).
An AT&T spokesperson said in a Thursday email that “it is not uncommon for cybercriminals to re-package previously disclosed data for financial gain.” The telecom giant, the spokesperson said, “just learned about claims that AT&T data is being made available for sale on darkweb forums, and we are conducting a full investigation.”
Cybersecurity experts said breaches of this scale often stem from multiple root causes and cascading security failures. According to the researchers, the threat actor behind the latest leak claimed that birth dates and Social Security numbers once encrypted have now been exposed in plain text, putting AT&T customers at heightened risk of exploitation.
The original breach of sensitive AT&T records already raised concerns among customers, but now it poses a serious threat to their identities, said Thomas Richards, infrastructure security practice director at application security firm Black Duck.
“With both date of birth and SSNs being compromised, malicious actors have all the information they need to conduct fraud and impersonate AT&T customers,” Richards said in a statement sent to Information Security Media Group.
It remains unclear whether the threat actor behind the latest leak is linked to the ShinyHunters hacking group. Researchers said the database released in April 2024 was a “poorly structured mess” with loosely organized data, while the newly exposed records are “well-structured, clearly formatted and straightforwardly divided into three CSV files, making it easy to understand what each field represents.”
ShinyHunters has been described as a “prolific cybercrime group” tied to major breaches of popular e-commerce and dating sites in 2021, as well as exposing over 550 million user records in 2020 (see: Data Breaches: ShinyHunters’ Dominance Continues).
Trey Ford, CISO of Bugcrowd, took news of the breach as an opportunity to proselytize for a new system of individual identification not based on Social Security numbers. A static identifier is tantamount to an invitation for identity theft, he argued. “It is time to consider the SSN a part of public record, just like your name, address and phone number, and institute a central and federated technical control system for authenticating and authorizing the use of identity records,” he said.