A massive trove of customer information tied to previous breaches involving telecommunications giant AT&T has begun circulating again in underground criminal communities — and experts warn that its scale and richness make it far more dangerous now than when it first appeared.

Millions of Records Contain Deeply Personal Details

The data set, which has been shared privately among threat actors since early February 2026, reportedly contains around 176 million individual records related to current and former AT&T customers.

Included in this dataset are:

• Up to 148 million Social Security numbers, including full nine-digit numbers and truncated versions;
• More than 133 million full names and street addresses;
• Over 132 million phone numbers;
• Dates of birth for roughly 75 million people;
• More than 131 million email addresses.

This kind of data, all tied to the same individuals, isn’t just “contact info.” It forms a detailed identity profile criminals can use for high-impact attacks, such as identity theft, fraud and elaborate social engineering.

Why the Risk Is Now Higher

On their own, individual data points like a phone number or email address are inconvenient but manageable risks — spam, robocalls, or phishing attempts. When combined into comprehensive profiles that include full names, addresses, birth dates and Social Security numbers, that dataset becomes far more powerful.

That’s because many institutions — banks, mobile carriers, and government agencies — still use these very details for identity verification. With them in hand, attackers can convincingly impersonate real customers.

How Criminals Can Exploit the Data

Security researchers emphasize several ways the resurfaced dataset can be abused:

• Highly convincing AT&T-branded phishing campaigns, using correct names, partial SSNs or real contact details to gain trust.
• SIM-swap attacks and account takeovers, where a fraudster convinces a carrier to assign a victim’s phone number to a device controlled by the attacker.
• Long-term identity fraud, such as opening financial accounts, loans or credit lines using stolen personal data.

Experts note that this dataset is not necessarily the result of a new hack, but rather a more complete, merged and enriched version of previously exposed breach data. Over time, separate pieces of earlier leaks can be combined by criminals to create more complete profiles — and those enhanced data sets are typically more dangerous because they’re easier to use for real-world fraud.

What Customers Can Do Now

For anyone who has ever been an AT&T customer, the warning is clear: the data may already be circulating without your knowledge, so it’s important to take proactive steps to protect your identity:

1. Enable multi-factor authentication (MFA) on all sensitive online accounts, especially those tied to financial or personal information.
2. Lock down your AT&T account with strong passcodes and security questions.
3. Be extra cautious with any AT&T-related contact, including text messages, emails or phone calls — attackers can use your real details to appear legitimate.
4. Consider credit monitoring and identity theft protection services that can warn you if your data shows up where it shouldn’t.

The reappearance of this data underlines an uncomfortable truth about digital privacy: once personal information is leaked, it can continue to be repurposed by criminals long after the initial breach.