What happened
According to public breach records, the AT&T data breach on August 20, 2021 is reported to have exposed the personal information of 49,102,176 accounts.
In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. At the time, AT&T maintained that there had not been a breach of their systems and that the data originated from elsewhere. 12 days later, AT&T acknowledged that data fields specific to them were in the breach and that it was not yet known whether the breach occurred at their end or that of a vendor. AT&T also proceeded to reset customer account passcodes, an indicator that there was sufficient belief passcodes had been compromised. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.
In March 2024, a threat actor using the handle "MajorNelson" posted a dataset on a dark web criminal forum for free, crediting the group ShinyHunters who had first attempted to sell the same data in 2021. AT&T confirmed that AT&T-specific data fields were present in the released set, affecting roughly 7.6 million current and 65.4 million former account holders, with the records dating to 2019 or earlier. The leak was notable because it exposed permanent, unchangeable identifiers — government-issued IDs such as Social Security numbers and dates of birth — alongside names, email and mailing addresses and phone numbers; AT&T stated it had not determined whether the data originated from its own systems or from one of its vendors.
What data was exposed
The following types of personal data were compromised:
- Dates of birth
- Email addresses
- Government issued IDs
- Names
- Phone numbers
- Physical addresses
Breach details
| Detail | Value |
|---|---|
| Breach name | AT&T |
| Date | August 20, 2021 |
| Accounts affected | 49,102,176 |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by AT&T; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Place a credit freeze and fraud alert with all three credit bureaus — exposed government-issued IDs (Social Security numbers) plus dates of birth are permanent and enable new-account identity fraud.
- Reset your AT&T account passcode and any passwords reused elsewhere, and enable two-factor authentication on your AT&T and email accounts since account numbers and passcodes were in the dataset.
- Treat unexpected calls, texts, and emails referencing your AT&T account as likely phishing — the leak pairs your name, phone number, email, and address, making impersonation scams convincing. Verify any AT&T contact through official channels.
- Monitor your credit reports and consider an identity-monitoring service, as the combination of full name, address, DOB, and SSN is enough for sustained fraud attempts.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- AT&T confirms legitimacy of leak involving information of 73 million people — The Record
- AT&T confirms 73 million people affected by data breach — Malwarebytes
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →