22 Jun

AT&T Data Leaks: What You Should Know

Data breaches have become an alarming concern for individuals and businesses alike.

Among the notable incidents, the AT&T data leak stands out due to its impact on millions of customers. First surfacing in 2021, the leaked database exposed personal information and revealed vulnerabilities in the company’s data security practices.

Whether you’re a current customer or former account holder, this article details the AT&T data breach, the personal information compromised, and steps you can take to protect yourself.

All you need to know about the AT&T Data Leaks

The AT&T data spill can be traced back to 2021.

A well-known hacker named Shiny Hunters claimed to have stolen customer data from the company. The hacker posted a sample of the database for sale on a cybercrime forum at a starting price of $200,000.


Source: BleepingComputer

The shared sample proved that the database contains valid personal information belonging to AT&T customers, as confirmed by an anonymous security researcher. However, the hacker didn’t reveal any details about how the database was acquired.

BleepingComputer, an information security and technology publication, contacted AT&T to confirm the hacker’s claims. However, the company denied the breach and said the data was not from their systems.

Fast forward to March 2024, another threat actor named MajorNelson posted the same database for sale on an online cybercrime forum.

Again, AT&T firmly denied any compromise of its systems. The company found no evidence of a data breach and did not say whether the data could have originated from a third-party vendor.

On March 30th, 2024, AT&T mass-reset customer passcodes after a security researcher discovered that the encrypted passcodes in the leaked data could be easily deciphered.

The US telco giant then launched a robust investigation and released a public statement confirming the data leak on the dark web, which affected over 70M customer records. This statement came three years after Shiny Hunters initially uploaded the stolen data for sale.


Source: AT&T

Of the 76 million account holders affected, 7.6 million were current customers, while 65.4 million were former customers.

The acquisition source of the leak, whether from AT&T itself or one of its third-party service providers, remains unknown.

This situation has led many businesses to reconsider their data protection strategies. For those in the Milwaukee area, working with a Wauwatosa Marketing Company can be a great way to enhance your digital security and marketing efforts simultaneously.

What personal information was stolen?

The initial stolen database contained customers’ personal information such as full name, email address, date of birth, mailing address, phone number, social security number (SSN), and AT&T account number.

In addition, the recent dataset leaked in 2024 contained decrypted account passcodes, according to TechCrunch. These passcodes are four-digit numerical PINs used to grant secure access to AT&T customer accounts, whether online or in retail stores.

No financial or call history information was stolen.

How to check if your data was breached

If you were among those compromised, AT&T should have contacted you about the security breach.

According to its public statement, the company said it would communicate the situation via email or letter to the 76 million current and former customers affected. The email would contain details explaining the incident, what information was compromised, and its response to the leak.

You can also use the Have I Been Pwned website or Malwarebytes’s Digital Footprint Portal to check if your data is exposed in the AT&T leak.

If you manage your personal information and passwords in a Google account, the Password Checkup tool can alert you if your account information has been exposed. A password manager like Bitwarden can also help you check for stolen passwords online.
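How a password manager can check a password against breach data without sending the password anywhere, shown as an added example that is not part of the original article: the k-anonymity range lookup used by Have I Been Pwned's Pwned Passwords service. The remote service is replaced by a local stand-in with a constructed two-entry corpus, and all function names are hypothetical.

```python
import hashlib

# Constructed sample corpus (password -> times seen); counts are made up.
SAMPLE_BREACH_CORPUS = {"password": 1000, "letmein2024": 12}

def split_hash(password: str) -> tuple[str, str]:
    """Uppercase SHA-1 hex digest split into a 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fake_range_server(prefix: str) -> str:
    """Local stand-in for the remote service. It only ever sees the prefix."""
    lines = ["0" * 35 + ":3"]  # constructed decoy; real responses hold many rows
    for pw, seen in SAMPLE_BREACH_CORPUS.items():
        p, suffix = split_hash(pw)
        if p == prefix:
            lines.append(f"{suffix}:{seen}")
    return "\r\n".join(lines)

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' rows, skipping blank or malformed ones."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def exposure_count(password: str) -> int:
    """Times the password appears in the corpus; 0 means not found."""
    prefix, suffix = split_hash(password)
    body = fake_range_server(prefix)  # the password and full hash stay local
    return parse_range_response(body).get(suffix, 0)

if __name__ == "__main__":
    for candidate in ("password", "V3ry-Un1ikely-Phrase-2024!"):
        print(candidate, "->", exposure_count(candidate))
```

Only the five-character hash prefix crosses the network; the match against the returned suffixes happens on the client.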

What are the top 2024 Data Leaks?

Over 20 major security breaches have occurred in 2024, and here are some of them.

Trello Data Breach – January 2024

This leak occurred in January 2024 and exposed personal information from over 15 million users of the project management platform. The compromised data includes email addresses, names, and usernames.

Bank of America Data Breach – February 2024

This breach occurred due to ransomware attacks targeted at one of the bank’s service providers. Over 57,000 customers were impacted by this attack. The compromised dataset includes name, address, social security number (SSN), birth date, and banking information.

Fujitsu Data Breach – March 2024

Multinational IT company Fujitsu also suffered a cyber-attack after malware was discovered on some work computers. Files containing customer information were stolen in the data breach.

Roku Data Breach – May 2024

The streaming provider suffered a data breach that affected about 576,000 customers and exposed their personal information.

Dell Data Breach – May 2024

In May, hackers attacked Dell’s customer portal and stole customer information. Data compromised from the breach included customers’ home addresses and order information. Around 49 million customers were affected.

How often should I reset my password?

When you suffer a data breach, the best line of defense is a password change.

But how frequently do you set a new password to ensure hackers have a hard time gaining access to your account?

Most cybersecurity experts recommend you reset your password every three months. However, there are some situations when you might have to change your password immediately.

Common situations where you’ll want to act fast and change your password immediately include whenever:

  • Someone hacked or gained unauthorized access to your account
  • Your online service suffers a data breach
  • You use an insecure network such as public Wi-Fi
  • Your antivirus or computer maintenance tool detects malware on your computer
  • You no longer share an account with a third party

What are the best practices to secure your online safety?

Using the internet exposes you to several potential threats that can harm your data or devices.

Here are some internet safety best practices to follow to prevent the danger of a cyber attack or data breach.

Secure, trusted internet connection

Avoid using public Wi-Fi when you’re out in a public space. You have no direct control of the network’s security and can be at risk of cyber attacks. But if you have no other choice, ensure you use a virtual private network (VPN) before connecting.


Source: Glenn Carstens-Peters


Another internet safety practice is using a quality antivirus to clean and maintain your computer routinely. The security software will protect your device from common cyber threats.

Multi-factor authentication

Multi-factor authentication (MFA) allows your online services to ask for two or more verification methods before providing access. Enabling it will keep you safe online and reduce the risk of a cyber attack.

Strong passwords

When creating a password, ensure it is strong enough to keep hackers out of your accounts. The password should be hard to guess, used for only one account, and contain at least 12 characters, including one uppercase letter, one lowercase letter, one number, and one special character.

Suspicious links

Links from untrusted sources, spam emails, or ads can infect your device with malware and compromise your data. So be careful and avoid clicking links from online sources you’re unsure of.