Nearly two years after AT&T disclosed a major data breach, the incident has returned in far more dangerous form. An “enriched” version of the original dataset has resurfaced on dark-web channels, dramatically expanding both its size and its potential for abuse.
What was once a telecom breach is now a case study in how “zombie data” old leaks that never truly die, can be weaponised for large-scale phishing, fraud, and account takeovers.
From 73 Million to 176 Million Victims
When AT&T first acknowledged the breach in 2024, it affected roughly 73 million current and former customers. The dataset now circulating, first observed in private forums on February 2, 2026, is far larger and far more complete.
Criminal groups have used data enrichment techniques to merge the original AT&T records with information from other high-profile breaches, including the 2024 Snowflake incident. The result is a consolidated identity dataset that dramatically raises the success rate of social-engineering attacks.
The enriched dataset reportedly contains:
- 131 million email addresses
- 148 million Social Security numbers (full and partial)
- 133 million full names and physical addresses
- 132 million phone numbers
- 75 million dates of birth
This level of cross-referenced detail turns generic phishing into highly personalized deception.
Legal Context: A Settlement That Can’t Undo the Damage
This resurgence comes at a critical moment. A $177 million class-action settlement tied to the original AT&T breach reached its final approval hearing on January 15, 2026, in Texas federal court.
If approved, payouts could range from modest amounts to up to $7,500 for claimants who can document financial losses. But the reappearance of this dataset underscores an uncomfortable truth: settlements compensate victims, they don’t put breached data back in the bottle.
