AT&T denies connection to database of 23 million SSNs, says it may be tied to credit agency breach

Telecommunications giant AT&T denied any connection to a database of stolen information that included the Social Security numbers of 23 million Americans.

First reported by Brian Krebs, Milwaukee cybersecurity company Hold Security said it found a 3.6 GB file on a dark web platform that contained Social Security numbers and information belonging to 23 million people. 

The security company told Krebs that there is a trove of evidence tying the database to AT&T, including email addresses ending with “att.net,” “SBCGLobal.net” or “Bellsouth.net” as well as links to an obscure AT&T broadband service and location data tying the information to the 21 states where AT&T operates.

An AT&T spokesperson told The Record that the information “does not appear to have come from” their systems, adding that it “may be tied to a previous data incident at another company.”

“It is unfortunate that data can continue to surface over several years on the dark web. However, customers often receive notices after such incidents, and advice for ID theft is consistent and can be found online,” the spokesperson said. 

The spokesperson added that the batch of data has “surfaced several times over the years and based on our continued forensic analysis it does not appear it came from us.”

“It may be associated with a previous data incident at a credit agency. Potentially affected customers would have received a notice at that time, directing them to the credit agency for more information. We have a dedicated team that does forensic analysis on data such as this and based on that work we can determine if data originates from us or somewhere else.”

AT&T did not clarify what they meant and did not respond to requests for comment about what credit agency may have been breached.

But last year, BleepingComputer reported on well-known hacking group ShinyHunters selling a database of stolen information on a dark web forum that had the sensitive information of more than 70 million AT&T customers.

AT&T similarly denied that that breach was connected to their customers but the hacker confirmed to the news outlet that the data was stolen from the telecommunications company. The database was being auctioned off for $200,000 or an immediate sale price of $1 million. 

DataBreaches.net noted two weeks ago that an alleged member of ShinyHunters was arrested in Morocco after an Interpol red notice was issued following a request from a Washington State prosecutor.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.