Everest Ransomware gang claims breach of AT&T Careers platform and theft of 576,686 records
Learn More
The Everest ransomware group claims breach of AT&T Careers, the telecommunications giant's official job and recruitment platform.
The listing appeared on the group's dark web site on October 21, 2025. The hackers claim to have 576,686 personal records and gave a four days deadline before the data is publicly released.
Everest group has not released sample data from the breach, AT&T Careers is known to collect extensive information from job applicants and employees. Based on the platform's standard data collection practices, the potentially exposed information may include:
- Full names
- Email addresses
- Phone numbers
- Home addresses
- Resumes and curriculum vitae
- Professional work history
- Educational background
- Skills and certifications
- References and contact information
- Cover letters
- Salary expectations
- Equal Employment Opportunity (EEO) information (race, gender, ethnicity - where voluntarily provided)
- Veteran status (where voluntarily disclosed)
- Disability status (where voluntarily disclosed)
The nature of the attack is not disclosed. It's not clear whether one claimed record equals to one individual or the hackers are counting each document separately (which may amount up to 3-5 documents per individual).
AT&T stated: "We are currently investigating this, but at this time we have no evidence of a compromise of our systems."
Job seekers and employees who have applied to AT&T or worked via its Careers channel are advised change any AT&T account passwords immediately, and avoid reusing passwords across multiple platforms, be careful of phishing claiming to be from AT&T and monitor financial statements, credit files, and email/SMS communications for unusual activity.
