Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Feb 06, 2026 · 5 min read

AT&T Breach Data Resurfaces—176 Million Records With Your SSN Are Now for Sale

A massive dataset containing 148 million Social Security numbers is circulating among criminals. If you've ever been an AT&T customer, you need to act now.

Smartphone surrounded by floating personal documents being stolen representing data breach

If you've ever had an AT&T phone, internet service, or wireless account, there's a very good chance your Social Security number is now in criminal hands.

A massive dataset containing approximately 176 million AT&T customer records has been circulating privately among hackers since February 2, 2026. This isn't just another breach of email addresses—the data includes up to 148 million Social Security numbers, making it one of the most dangerous customer data exposures in recent memory.

The dataset appears to be an aggregation of AT&T customer information gathered over years of service, creating a comprehensive profile of millions of Americans that criminals can exploit for identity theft, SIM swapping, and targeted phishing attacks.

What Data Was Exposed

The numbers are staggering:

  • 148 million Social Security numbers: Full and partial SSNs
  • 133 million full names and addresses: Current and historical
  • 132 million phone numbers: The key to SIM swap attacks
  • 131 million email addresses: Targets for phishing campaigns
  • 75 million dates of birth: Combined with SSN, enables full identity theft

This is essentially a complete identity theft kit for 100+ million Americans. Criminals don't need to piece together information from multiple sources—they have everything in one place.

Why This Breach Is Different

Most data breaches expose one or two pieces of information—an email here, a password hash there. The danger of this AT&T dataset is data enrichment: all your sensitive information is linked together in a single record.

When attackers can look up a single person and see their name, full address, phone number, email, complete or partial SSN, and date of birth in one place, the risk shifts from annoying to catastrophic. Security researchers note that this kind of enriched data enables:

  • Convincing phishing: Scammers can reference your real address, account details, and personal information to make fake emails seem legitimate
  • SIM swap attacks: With your SSN and personal details, criminals can convince carriers to transfer your phone number to their device, intercepting your 2FA codes
  • Full identity theft: SSN + date of birth + address is everything needed to open credit cards, file false tax returns, or take out loans in your name
  • Account takeover: Security questions often ask for information in this dataset—mother's maiden name can sometimes be derived from other records

The SIM Swap Threat

One of the most immediate dangers from this breach is SIM swapping. Here's how it works:

A criminal calls AT&T (or your current carrier) pretending to be you. They provide your SSN, date of birth, and address to "verify" their identity. They claim they lost their phone and need their number transferred to a new SIM card. Once successful, they receive all your calls and texts—including the two factor authentication codes that protect your bank accounts, email, and cryptocurrency wallets.

SIM swap attacks have drained millions of dollars from victims' accounts. With 132 million phone numbers now paired with SSNs and personal details, the potential for these attacks has exploded.

What to Do Right Now

If you've ever been an AT&T customer, assume your data is in this dataset. Take these steps immediately:

  • Freeze your credit: Contact Equifax, Experian, and TransUnion to place security freezes. This prevents anyone from opening new accounts in your name.
  • Add a PIN to your mobile account: Contact AT&T (or your current carrier) and add a PIN or password requirement for any account changes. This makes SIM swapping much harder.
  • Switch to app based 2FA: Stop using SMS for two factor authentication wherever possible. Use authenticator apps like Authy or Google Authenticator, or better yet, hardware keys like YubiKey.
  • Monitor your credit reports: Set up alerts at annualcreditreport.com and check regularly for accounts you didn't open.
  • File an IRS Identity Protection PIN: Prevent tax fraud by getting an IP PIN at irs.gov/ippin.
  • Be extremely suspicious of communications: Scammers will use your real information to make phishing emails and calls convincing. Verify everything through official channels you initiate.

The Bottom Line

This isn't a theoretical risk. 176 million records with Social Security numbers are actively circulating among criminals who know exactly how to monetize them. The attacks are coming—some have likely already started.

Don't wait for AT&T to notify you. Don't wait for a suspicious charge on your credit card. Freeze your credit, secure your phone account, and switch to stronger authentication methods today. The criminals have your data—your job now is to make it useless to them.