Breach cyber

AT&T

Oct 31, 2022 2 min read
AT&T

AT&T faced two major data breaches in 2024, exposing sensitive customer information. The first breach, announced in **March 2024**, compromised data of **73 million current and former account holders**, including **addresses, birthdates, passcodes, billing numbers, phone numbers, and Social Security numbers**, which were found on the dark web. The second breach, in **July 2024**, involved an **illegal download on a third-party cloud platform**, exposing **call and text records of nearly all AT&T cellular customers** (and those using its network) between **May 1 and October 31, 2022**. The breaches led to a **$177 million class-action settlement**, with affected customers eligible for **up to $7,500** in compensation. The exposed data poses severe risks of **identity theft, financial fraud, and privacy violations**, with long-term reputational and operational consequences for AT&T. The settlement awaits final court approval, with claims filed by **November 18, 2025**.

Source: https://www.delawareonline.com/story/news/2025/09/25/att-data-breach-settlement-who-is-eligible-how-to-file-when-deadline/86351556007/

TPRM report: https://www.rankiteo.com/company/att

"id": "att0502305092825",
"linkid": "att",
"type": "Breach",
"date": "10/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '73 million (First Breach), '
                                              'nearly all cellular customers '
                                              '(Second Breach)',
                        'industry': 'Telecommunications',
                        'location': 'United States',
                        'name': 'AT&T',
                        'size': 'Large (millions of customers)',
                        'type': 'Telecommunications'}],
 'attack_vector': ['Dark Web Data Leak (First Breach)',
                   'Third-Party Cloud Platform Exploitation (Second Breach)'],
 'customer_advisories': 'Eligibility checks via website or hotline '
                        '(833-890-4930); claims deadline: 2025-11-18',
 'data_breach': {'data_exfiltration': 'Yes (dark web and third-party cloud '
                                      'download)',
                 'file_types_exposed': ['Customer databases (First Breach)',
                                        'Call/text logs (Second Breach)'],
                 'number_of_records_exposed': ['73 million (First Breach)',
                                               'Nearly all AT&T cellular '
                                               'customers (Second Breach)'],
                 'personally_identifiable_information': 'Yes (addresses, '
                                                        'birthdates, '
                                                        'passcodes, SSNs, '
                                                        'phone numbers)',
                 'sensitivity_of_data': 'High (SSNs, call/text records)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Call and text records']},
 'date_detected': ['2024-03-01', '2024-07-01'],
 'date_publicly_disclosed': ['2024-03-01', '2024-07-01'],
 'description': 'AT&T is set to pay a $177 million class action settlement '
                'after two alleged data breaches where sensitive customer data '
                'was released on the dark web. The first breach affected 73 '
                'million current and former account holders, exposing identity '
                'information (addresses, birthdates, passcodes, billing '
                'numbers, phone numbers, and Social Security numbers) in a '
                'dark web dataset. The second breach, four months later, '
                'exposed call and text records of nearly all AT&T cellular '
                'customers and providers using the AT&T network between May 1 '
                'and October 31, 2022, due to an illegal download on a '
                'third-party cloud platform.',
 'impact': {'brand_reputation_impact': 'Significant (class action lawsuit and '
                                       'settlement)',
            'data_compromised': ['Identity information (addresses, birthdates, '
                                 'passcodes, billing numbers, phone numbers, '
                                 'Social Security numbers) - First Breach',
                                 'Call and text records (May 1 to October 31, '
                                 '2022) - Second Breach'],
            'financial_loss': '$177 million (settlement amount)',
            'identity_theft_risk': 'High (SSNs and personal data exposed)',
            'legal_liabilities': '$177 million settlement',
            'payment_information_risk': 'Moderate (billing numbers exposed)',
            'systems_affected': ['AT&T customer databases (First Breach)',
                                 'Third-party cloud platform (Second Breach)']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (First Breach)',
                           'entry_point': ['Dark web dataset (First Breach)',
                                           'Third-party cloud platform (Second '
                                           'Breach)'],
                           'high_value_targets': 'Customer PII and call/text '
                                                 'records'},
 'investigation_status': 'Ongoing (settlement pending court approval on '
                         '2025-12-03)',
 'post_incident_analysis': {'corrective_actions': 'Settlement payouts and '
                                                  'customer notifications'},
 'references': [{'source': 'Newsworthy (via article snippet)'},
                {'source': 'AT&T Settlement Website'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled for '
                                            '$177 million'},
 'response': {'communication_strategy': 'Email notifications via '
                                        '[email protected], '
                                        'settlement website, and customer '
                                        'support hotline (833-890-4930)',
              'incident_response_plan_activated': 'Yes (class action '
                                                  'settlement process '
                                                  'initiated)',
              'recovery_measures': 'Settlement payouts to affected customers '
                                   '(up to $7,500 per person)',
              'third_party_assistance': 'Kroll Settlement Administration '
                                        '(claims processing)'},
 'stakeholder_advisories': 'Email notifications and settlement website for '
                           'claim filings',
 'title': 'AT&T Data Breach Settlement',
 'type': ['Data Breach', 'Unauthorized Access']}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Gainsight

public 2 min read
Gainsight experienced a security breach involving its Salesforce-connected app, where suspicious activity was detected. While the company’s CEO, Chuck…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success platform, suffered a breach linked to its Salesforce-connected app, initially flagged by Salesforce due to unusual…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success management software firm, experienced a breach in its systems that compromised Salesforce customer tokens. The incident…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.