A recent listing on a dark web data leak site operated by the Everest ransomware group claims to have accessed 576,686 personal records associated with AT&T Careers, the recruitment platform of the telecommunications giant. This platform facilitates role applications, resume submissions, and career management for both applicants and employees.
This listing surfaced on October 21, with the group asserting that there are only four days left before the data becomes publicly accessible. Intriguingly, the data entry is protected by a password, which directs representatives from the company to “follow instructions” before the deadline expires.
The password protection indicates that the dataset is not fully available for download or preview, suggesting that Everest is imposing stringent access conditions. It is important to note that the Everest ransomware group is recognized for publishing stolen databases and making extortion demands. Earlier this year, their leak site suffered a defacement, yet it remains operational with a range of victim listings.
The reference to “AT&T Careers” suggests that the data may pertain to recruitment processes, applicants, or employee records, rather than customer information. However, AT&T has not yet publicly confirmed any details related to this incident.
This is not the first time AT&T has faced data breaches. In August 2021, the ShinyHunters hacking group claimed to have stolen data from 70 million customers and subsequently attempted to sell it. The company only acknowledged this breach in April 2024. Additionally, in June 2025, hackers leaked 86 million AT&T records containing decrypted Social Security Numbers, leading the company to agree to a $177 million settlement regarding breaches that occurred between 2019 and 2024.
Hackread.com reached out to AT&T’s security and communications teams for insights into the latest listing, specifically regarding the password protection and whether an investigation is underway. As of now, AT&T has not provided a public response concerning this particular incident.
What Measures to Take
For those who have applied to AT&T or have worked through its “Careers” platform, it is advisable to change any associated account passwords and avoid using the same password elsewhere. Enabling multi-factor authentication on login accounts is also a crucial step. It is recommended to actively monitor financial statements, credit reports, and communications for any unusual activity, and to approach any potential phishing attempts related to “AT&T Careers” with caution. Always follow official communication channels rather than unsolicited links.
The Everest group has listed multiple victims since its inception in 2021, including notable companies like Coca-Cola and Mailchimp. Its operational focus centers on acquiring corporate databases, employee records, and financial data.
The latest AT&T Careers listing raises significant concerns about the company’s cybersecurity measures, especially if the compromised data stems from a third-party vendor—a situation increasingly observed in recent incidents. As this story develops, Hackread.com will continue to monitor for any official confirmations or published evidence by AT&T, as well as credible third-party analyses. Affected individuals should remain vigilant and await further guidance from AT&T or relevant authorities.
