A list on the darkish internet knowledge leak web site run by the Everest ransomware group claims it holds 576,686 private information linked to AT&T Careers, the telecom big’s official job and recruitment platform, the place candidates and workers apply for roles, submit resumes, and handle career-related info.
The itemizing appeared on October 21, and the group claims there are 4 days remaining earlier than the information is publicly launched. Uniquely, the entry is locked behind a password and instructs the corporate consultant to “observe directions” earlier than time runs out.
The password safety means that the complete dataset will not be obtainable for obtain or preview, and that Everest is proscribing entry beneath particular circumstances. To your info, the Everest ransomware group is thought for publishing stolen databases and extortion calls for, and its leak web site underwent a defacement earlier this 12 months however stays lively with sufferer listings.
Whereas the “AT&T Careers” label signifies that the information could relate to recruitment, candidates, or worker information slightly than buyer info, no verification has but been publicly confirmed by AT&T.
Beforehand, AT&T suffered a number of knowledge breaches, together with the August 2021 incident through which the ShinyHunters hacking group claimed to have stolen knowledge of 70 million prospects earlier than placing it up on the market. The corporate solely acknowledged the breach in April 2024.
In June 2025, hackers leaked 86 million AT&T information containing decrypted Social Safety Numbers (SSNs) of shoppers. The corporate later agreed to a $177 million settlement over breaches that occurred in 2019 and 2024.
Hackread.com reached out to AT&T’s safety and communications groups for touch upon the most recent itemizing, the password gate, and whether or not an investigation is underway. As of this writing, the corporate has not issued a public response addressing this specific incident.
What to do (for candidates, workers, watchers)
In case you utilized to AT&T or labored by way of its “Careers” channel, think about taking the next steps:
- Change any AT&T account password you employ, and keep away from reusing it elsewhere.
- Allow multi-factor authentication in your login accounts wherever potential.
- Monitor your monetary statements, credit score information, and e mail/SMS communications for uncommon exercise.
- Be suspicious of phishing makes an attempt referencing “AT&T Careers” or “utility portal” and asking you to click on hyperlinks or present additional knowledge.
- In case you obtain direct notification from AT&T or a vendor, observe official channels slightly than hyperlinks in unsolicited communications.
The Everest group has listed lots of of victims since 2021, together with Coca-Cola and Mailchimp, and specialises in stealing company databases, buyer and worker information, and monetary info.
The AT&T Careers itemizing as soon as once more raises questions in regards to the firm’s cybersecurity practices, except the alleged knowledge originated from a third-party vendor, a situation that has turn into more and more widespread in latest incidents.
Hackread.com will proceed to watch for AT&T’s official verification, any revealed pattern proof, and credible third-party evaluation. In case you imagine you might be affected, take the protecting steps above and await official steerage from AT&T or related authorities.
