A threat actor has allegedly leaked sensitive data belonging to telecommunications giant AT&T, claiming to possess 31 million customer records totaling 3.1GB of information available in both JSON and CSV formats.
The alleged breach was posted on a prominent dark web forum in late May 2025, raising concerns about the security of customer data at one of America’s largest telecommunications providers.
Breach Exposes 31 Million Customer Records
According to cybersecurity researchers analyzing the claimed breach, the leaked sample data contains extensive personal information from AT&T customers.
.png
)
The compromised dataset allegedly includes full customer names, genders, dates of birth, tax identification numbers, device IDs, cookie IDs, IP addresses, complete physical addresses, phone numbers, and email addresses.
This comprehensive collection of personally identifiable information (PII) represents a significant potential privacy breach if verified.
The threat actor posted the data on what researchers describe as a well-known hacker forum, with the complete dataset purportedly containing 31 million sensitive user records.
Cybersecurity monitoring platform DarkEye detected the alleged breach and reported that the data is being distributed in structured formats commonly used for data analysis and exploitation by malicious actors.
This alleged incident adds to AT&T’s cybersecurity history, as the company has experienced multiple confirmed data breaches in recent years.
In March 2024, AT&T disclosed that personal data from 73 million current and former customers had been leaked on the dark web, including Social Security numbers and other sensitive information.
Just months later, in July 2024, the company confirmed another massive breach affecting call and text records of nearly 110 million customers.
The July 2024 incident was particularly significant as it involved metadata from customer communications, including phone numbers contacted, call durations, and location data from cell towers.
That breach was linked to compromised Snowflake cloud storage accounts, highlighting vulnerabilities in third-party cloud infrastructure.
If the current 31 million record claim proves authentic, it would represent another serious privacy violation for AT&T customers.
The combination of tax IDs, device identifiers, and personal information could enable identity theft, financial fraud, and sophisticated social engineering attacks.
AT&T has not yet publicly responded to the latest allegations, and the company’s investigation status remains unclear as cybersecurity experts continue analyzing the available evidence.
Try in-depth sandbox malware analysis for your SOC team. Get ANY.RUN special offer only until May 31 -> Try Here
