Everest Ransomware Claims AT&T Careers Breach with 576K Records – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More


A listing on the dark web data leak site run by the Everest ransomware group claims it holds 576,686 personal records linked to AT&T Careers, the telecom giant’s official job and recruitment platform, where applicants and employees apply for roles, submit resumes, and manage career-related information.

The listing appeared on October 21, and the group claims there are four days remaining before the data is publicly released. Uniquely, the entry is locked behind a password and instructs the company representative to “follow instructions” before time runs out.

The password protection suggests that the full dataset is not available for download or preview, and that Everest is restricting access under specific conditions. The Everest ransomware group is known for publishing stolen databases and extortion demands; its leak site was defaced earlier this year but remains active with victim listings.

Screenshot from the Everest ransomware group’s dark web leak site (Image credit: Hackread.com)

The “AT&T Careers” label indicates that the data may relate to recruitment, applicants, or employee records rather than customer information, but AT&T has not yet publicly verified the claim.

AT&T has previously suffered several data breaches, including the August 2021 incident in which the ShinyHunters hacking group claimed to have stolen data of 70 million customers before putting it up for sale. The company only acknowledged the breach in April 2024.

In June 2025, hackers leaked 86 million AT&T records containing decrypted Social Security Numbers (SSNs) of customers. The company later agreed to a $177 million settlement over breaches that occurred in 2019 and 2024.

Hackread.com reached out to AT&T’s security and communications teams for comment on the latest listing, the password gate, and whether an investigation is underway. As of this writing, the company has not issued a public response addressing this particular incident.

What to do (for applicants, employees, watchers)

If you applied to AT&T or worked via its “Careers” channel, consider taking the following steps:

  • Change any AT&T account password you use, and avoid reusing it elsewhere.
  • Enable multi-factor authentication on your login accounts wherever possible.
  • Monitor your financial statements, credit files, and email/SMS communications for unusual activity.
  • Be suspicious of phishing attempts referencing “AT&T Careers” or “application portal” and asking you to click links or provide further data.
  • If you receive direct notification from AT&T or a vendor, follow official channels rather than links in unsolicited communications.

The Everest group has listed hundreds of victims since 2021, including Coca-Cola and Mailchimp, and specialises in stealing corporate databases, customer and employee records, and financial information.

The AT&T Careers listing once again raises questions about the company’s cybersecurity practices, unless the alleged data originated from a third-party vendor, a scenario that has become increasingly common in recent incidents.

Hackread.com will continue to monitor for AT&T’s official verification, any published sample evidence, and credible third-party analysis. If you believe you may be affected, take the protective steps above and await official guidance from AT&T or relevant authorities.




