Cyber crooks have leaked the AT&T database, which was reportedly stolen by the ShinyHunters group in April 2024 after they exploited major security flaws in the Snowflake cloud data platform.
The leaked database, containing 70 million customer records with fully decrypted Social Security Numbers, surfaced on Russian cybercrime forums in May 2025.
The breach represents a serious escalation in data exposure, as the leaked information includes complete identity profiles containing full names, dates of birth, phone numbers, email addresses, physical addresses, and critically, 44 million Social Security Numbers in plain text format.
Security researchers emphasize that these SSNs were previously encrypted but have now been fully decrypted, creating unprecedented risk for identity theft and fraud.
The timeline of AT&T's data security challenges reveals a pattern of repeated compromises.
Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached. No information is available to indicate whether it is a 3rd party compromise, or which 'division' this data is from.
— vx-underground (@vxunderground) March 17, 2024
Regardless, upon review we can confirm the stolen data is legitimate.
In August 2021, ShinyHunters first claimed to possess a database of 70 million AT&T customer records, which the company initially denied originated from their systems. However, AT&T acknowledged this breach in April 2024, admitting it affected approximately 7.6 million current and 65.4 million former account holders with data dating to 2019 or earlier.
Additionally, AT&T experienced a separate major breach in April 2024 when hackers accessed their Snowflake cloud environment, compromising call and text metadata of nearly 110 million customers. This attack was part of a broader campaign targeting over 160 Snowflake customers, with AT&T reportedly paying approximately $370,000 in Bitcoin ransom to have stolen data deleted.
The latest leak's authenticity remains under investigation, as researchers noted discrepancies between the claimed 70 million records and the actual 86 million unique entries discovered.
While the database structure differs from previous Snowflake-related breaches, the systematic decryption of previously encrypted SSNs and matching customer information across multiple leaks suggests sophisticated threat actor capabilities.
AT&T has not yet officially confirmed whether this latest dataset represents new compromised information or is connected to previously disclosed incidents. The company's response is pending as cybersecurity experts continue analyzing the scope and implications of this extensive data exposure for affected customers.