TL;DR: A dataset circulating since February 2, 2026 contains AT&T customer data that's been merged, cleaned, and enriched over time. It now includes 176 million records with up to 148 million Social Security numbers, 133 million full names and addresses, and 132 million phone numbers. The original 2024 breaches were bad. This version is worse. Criminals have everything they need in one place to steal your identity, hijack your accounts, or file fake tax returns in your name.

Breach Data Doesn't Die, It Evolves

Malwarebytes reported on February 2, 2026 that recycled AT&T breach data is now circulating with significantly more damage potential than when it first leaked.[1]

The original breaches happened in 2024. On March 30, 2024, AT&T announced that customer data had been released on the dark web. Then on July 12, 2024, a second incident revealed that data had been downloaded from a third-party cloud platform hosted by Snowflake.[2]

Back then, the number was 73 million affected customers. Now it's 176 million records.

This is how breach data works: it doesn't stay static. Criminals merge datasets. They clean up formatting. They cross-reference against other breaches. They decrypt encrypted fields. They fill in missing details.

Old breach data becomes more dangerous over time, not less.

What's In the Dataset

According to Malwarebytes, the current dataset includes:[1]

  • 148 million Social Security numbers: Full SSNs and last four digits, many now decrypted that were previously encrypted
  • 133 million full names and street addresses
  • 132 million phone numbers
  • 131 million email addresses
  • 75 million dates of birth

When a criminal can look up one person and see name, full address, phone, email, complete SSN, and date of birth all in one place, Malwarebytes describes it as "a Swiss Army knife" for attacks.[1]

This isn't just "annoying." This is everything needed for:

  • Opening credit cards and loans in your name
  • Filing fraudulent tax returns before you do
  • Porting your phone number to a criminal's SIM (SIM-swap attacks)
  • Passing identity verification for your accounts
  • Crafting personalized phishing that references your real details

The Settlement Won't Cover This

AT&T agreed to pay $177 million (figure not on the cited settlement site) to settle class action lawsuits from the 2024 breaches.[2]

The claims deadline passed on December 18, 2025. Final approval hearing was January 15, 2026. Checks are supposed to go out in spring 2026 (the settlement site does not confirm a spring 2026 distribution date - it says distribution begins only after court approval + appeals + claim review).[2]

But here's the problem: that settlement covers documented losses up to $5,000 for the first breach class and $2,500 for the second.[2]

The real damage hasn't happened yet. Criminals who buy this data today can use it for years. Identity theft from this breach will continue long after the settlement checks clear.

And if your data was in the original breach but you didn't file a claim? You're not getting anything, but you're still exposed.

What AT&T Customers Should Do Now

Freeze Your Credit

With Equifax, Experian, and TransUnion. This prevents anyone (including you) from opening new credit in your name without unfreezing first. It's free. Do it today.

Set Up IRS Identity Protection

Get an IRS Identity Protection PIN. This prevents criminals from filing tax returns in your name. You'll need the PIN to file your own taxes.

Use Phishing-Resistant MFA

Hardware security keys (FIDO2-compliant) beat SMS codes. If criminals have your phone number, they can intercept SMS. Hardware keys can't be intercepted.

Monitor Your Accounts

Set up alerts for credit inquiries, new accounts, and address changes. Services like Credit Karma are free. Check them regularly.

Additional steps:

  • Change your AT&T account password: Use a unique, strong password you don't use anywhere else
  • Check Have I Been Pwned: Enter your email at haveibeenpwned.com to see if you're in the breach database
  • Be suspicious of contacts using your personal details: Scammers will use real data to seem legitimate
  • Set up SIM PIN with your carrier: Prevents SIM-swap attacks without knowing the PIN
  • Review your credit report: Free weekly reports at annualcreditreport.com; look for accounts you didn't open

The Data Recycling Problem

AT&T isn't special here. This happens to every major breach.

Data from the 2017 Equifax breach is still being used. The Yahoo breaches from 2013-2014 still fuel credential stuffing attacks. Old data gets merged with new breaches, creating comprehensive profiles that get more valuable over time.

The original AT&T breach announcement said 73 million affected. Now it's 176 million records. That's not because more people were breached: it's because criminals have been working with the data, enriching it, making it more useful.

There's no statute of limitations on stolen data. If you were ever an AT&T customer, assume your information is out there. Protect yourself accordingly.

References

  1. Malwarebytes - AT&T breach data resurfaces with new risks for customers
  2. AT&T Data Incident Settlement - Official Settlement Website