AT&T Data Breach
AT&T Telecom Breach (2021, Disclosed 2024): 49 Million Customer Records Including SSN, DOB & Government ID Exposed
Telecommunications company providing wireless, broadband, and related services.
Risk Interpretation
Severe risk of phishing, SIM swap attacks, account takeover, and identity theft. Telecom access is especially dangerous because it can enable compromise of many unrelated services.
Impact & Downstream Threats
AT&T initially denied the 2021 dataset was from its own systems when it first appeared for sale. It only acknowledged the breach in March 2024 when the full 73 million record corpus was made freely available. That delayed acknowledgment drew significant criticism and raised questions about the company's transparency obligations under breach notification law. In September 2024 AT&T reached a $13 million consent settlement with the FCC over a separate but related vendor cloud breach from 2023, com
- Identity theft and synthetic identity construction using government-issued IDs
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
AT&T, one of the largest wireless carriers in the United States, suffered a breach of approximately 49 million customer records traced back to 2021. The hacking collective ShinyHunters first advertised the stolen data for sale in August 2021, but AT&T initially denied that any breach of its systems had occurred. The data was later released freely on a hacking forum in March 2024, at which point AT&T acknowledged the records were authentic and contained data fields specific to the company. Whether the breach originated within AT&T's own environment or through a vendor has not been conclusively determined, though AT&T has stated it found no evidence of a direct network intrusion. A server misconfiguration is the identified attack vector. The exposed data includes names, email addresses, physical addresses, dates of birth, phone numbers, Social Security numbers, and government-issued IDs. The combination of Social Security numbers and telecom account access creates acute risk. Attackers can use this data to impersonate victims with carriers, execute SIM swap attacks, and then use control of a phone number to bypass two-factor authentication on bank accounts, email, and other services. AT&T reset customer account passcodes after confirming the breach, an acknowledgment that those credentials were likely compromised as well. AT&T's delayed confirmation, spanning nearly three years from the initial sale of the data to public acknowledgment, drew regulatory and legal scrutiny. In September 2024, AT&T reached a $13 million consent settlement with the Federal Communications Commission over a related vendor breach from 2023, with commitments to improve data governance practices. Class action litigation tied to the broader pattern of AT&T data incidents was consolidated into multidistrict proceedings, with a $177 million settlement receiving judicial approval in 2025. For affected individuals, the risk of identity theft, account takeover, and SIM swap fraud remains ongoing given the sensitivity of the exposed credentials.
About AT&T
AT&T is one of the largest telecommunications companies in the United States, providing wireless, broadband, and business communications services to tens of millions of customers nationwide. The company operates one of the country's largest wireless networks and has historically bundled telecom with media assets, though it has divested those holdings in recent years. AT&T is publicly traded and headquartered in Dallas, Texas.
Why They Hold Your Data
Telecommunications providers collect subscriber identity, phone numbers, service addresses, billing records, device data, SIM information, and account-management records across mobile and broadband services.
Recent Developments
AT&T has been reshaping itself into a pure-play connectivity company. In September 2024 it sold its remaining 70% stake in DirecTV to private equity firm TPG for approximately $7.6 billion, completing a full exit from the satellite television business it acquired in 2015. The company has publicly committed to focusing its investment on 5G wireless expansion and fiber broadband rollout. It has also faced sustained FCC regulatory scrutiny over its data handling practices across multiple incidents.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, government_id, phone_number, physical_address, physical_address:home, ssn
Dark Web Verification
- Dataset containing ~49.1M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: AT&T Data Breach;att.com-2021
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of AT&T
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam