AT&T 2021 Data Breach
ObscureIQ Breach Intelligence
Moderate SeverityWebsite / service breach
AT&T Telecom Breach (2021, Disclosed 2024): 49 Million Customer Records Including SSN, DOB & Government ID Exposed
Telecommunications company providing wireless, broadband, and related services.
Verified by ObscureIQ Intelligence
41/100Breach Risk Index
35Data Value
10Market Recency
769dSince Breach
Breach Intelligence Summary
Entity: AT&T · Actor: ShinyHunters · Sources: 6 references
Attack: Misconfiguration
Profile: Company · Telecommunications and media services · Network infrastructure provider · USA
Timeline: Breach (2021-08-20) · Indexed (Mar 19, 2024) · Year (2021)
Exposure: 49.1M records · 7 fields: Date of Birth, Email Address, Full Name, Government ID, Phone Number, Physical Address, Social Security Number
Status: Confirmed
Executive Summary
AT&T, one of the largest wireless carriers in the United States, suffered a breach of approximately 49 million customer records traced back to 2021. The hacking collective ShinyHunters first advertised the stolen data for sale in August 2021, but AT&T initially denied that any breach of its systems had occurred. The data was later released freely on a hacking forum in March 2024, at which point AT&T acknowledged the records were authentic and contained data fields specific to the company. Whether the breach originated within AT&T's own environment or through a vendor has not been conclusively determined, though AT&T has stated it found no evidence of a direct network intrusion. A server misconfiguration is the identified attack vector. The exposed data includes names, email addresses, physical addresses, dates of birth, phone numbers, Social Security numbers, and government-issued IDs. The combination of Social Security numbers and telecom account access creates acute risk. Attackers can use this data to impersonate victims with carriers, execute SIM swap attacks, and then use control of a phone number to bypass two-factor authentication on bank accounts, email, and other services. AT&T reset customer account passcodes after confirming the breach, an acknowledgment that those credentials were likely compromised as well. AT&T's delayed confirmation, spanning nearly three years from the initial sale of the data to public acknowledgment, drew regulatory and legal scrutiny. In September 2024, AT&T reached a $13 million consent settlement with the Federal Communications Commission over a related vendor breach from 2023, with commitments to improve data governance practices. Class action litigation tied to the broader pattern of AT&T data incidents was consolidated into multidistrict proceedings, with a $177 million settlement receiving judicial approval in 2025. For affected individuals, the risk of identity theft, account takeover, and SIM swap fraud remains ongoing given the sensitivity of the exposed credentials.
ObscureIQ assessment: Severe risk of phishing, SIM swap attacks, account takeover, and identity theft. Telecom access is especially dangerous because it can enable compromise of many unrelated services.
Breach Impact
AT&T initially denied the 2021 dataset was from its own systems when it first appeared for sale. It only acknowledged the breach in March 2024 when the full 73 million record corpus was made freely available. That delayed acknowledgment drew significant criticism and raised questions about the company's transparency obligations under breach notification law. In September 2024 AT&T reached a $13 million consent settlement with the FCC over a separate but related vendor cloud breach from 2023, committing to strengthen its data governance and supply chain oversight. Class action litigation related to the broader pattern of AT&T data incidents was consolidated into multidistrict proceedings, with a $177 million settlement receiving judicial approval in 2025.
About AT&T
AT&T is one of the largest telecommunications companies in the United States, providing wireless, broadband, and business communications services to tens of millions of customers nationwide. The company operates one of the country's largest wireless networks and has historically bundled telecom with media assets, though it has divested those holdings in recent years. AT&T is publicly traded and headquartered in Dallas, Texas.
Why They Hold Your Data
Telecommunications providers collect subscriber identity, phone numbers, service addresses, billing records, device data, SIM information, and account-management records across mobile and broadband services.
Recent Developments
AT&T has been reshaping itself into a pure-play connectivity company. In September 2024 it sold its remaining 70% stake in DirecTV to private equity firm TPG for approximately $7.6 billion, completing a full exit from the satellite television business it acquired in 2015. The company has publicly committed to focusing its investment on 5G wireless expansion and fiber broadband rollout. It has also faced sustained FCC regulatory scrutiny over its data handling practices across multiple incidents.
Data Points Exposed
7 verified field types
Date of Birth High
Email Address
Full Name High
Government ID Critical
Phone Number
Physical Address High
Social Security Number Critical
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:Critical
Primary downstream threats:
- Identity theft and synthetic identity construction using government-issued IDs
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Identity verification bypass
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- Identity fraud with official bodies
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
- Home targeting, stalking & physical threat
- Full identity theft & synthetic identity fraud
Threat Actor: ShinyHunters
ShinyHunters
Misconfiguration
Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.
Recommended Actions
If you believe your information may be included:
Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the AT&T breach?▾
AT&T, one of the largest wireless carriers in the United States, suffered a breach of approximately 49 million customer records traced back to 2021. The hacking collective ShinyHunters first advertised the stolen data for sale in August 2021, but AT&T initially denied that any breach of its systems…
What data was exposed?▾
Verified fields include Date of Birth, Email Address, Full Name, Government ID, Phone Number, Physical Address, Social Security Number.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
Breach Index
Cross-source
BreachForums_Official_Index
Cross-source
Dehashed
Cross-source
LeakCheck.io
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation