Personal data belonging to 73 million current or former AT&T customers has been leaked online.
Information including addresses, social security numbers and passcodes was published on the dark web, the US telecoms giant said.
AT&T said it had not identified evidence indicating the data had been stolen but had brought in cybersecurity experts to investigate.
The company said it had reset customers’ passcodes.
They were urged by the company to “remain vigilant by monitoring account activity and credit reports”.
The data involved in the breach appears to be from 2019 or earlier and is linked to 7.6 million customers and 65.4 million former account holders.
It also includes information such as full names, email addresses and dates of birth, though AT&T said financial information had not appeared in the leak.
The company said in a statement that it was unclear whether the data had originated from its own systems or via a third-party supplier.
AT&T’s wireless 5G network covers around 290 million people across the US and the company is one of the country’s largest mobile and internet services providers.
In February, a major outage impacted tens of thousands of phone users, which prompted an apology from the firm and an offer of $5 credit for those affected.
Prosecutors in New York launched an investigation into that episode, which left people unable to use their phones for around 12 hours.