AT&T faced two major data breaches in 2024, exposing sensitive customer information. The first incident (March 30, 2024) leaked highly vulnerable data on the dark web, including **names, addresses, phone numbers, email addresses, dates of birth, account passcodes, billing numbers, and Social Security numbers**—enabling identity theft and financial fraud. The second breach (July 12, 2024) involved unauthorized downloads of **call records, interaction frequencies, cell site IDs, and phone numbers**, though less severe. Some customers were affected by both breaches. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, with payouts tied to documented losses and exposure severity. The breaches triggered class-action lawsuits, highlighting systemic security failures. Social Security number exposure—critical for fraud—elevates the incident’s gravity, while call metadata leaks, though less damaging, still pose privacy risks. The settlement reflects the scale of harm, with millions potentially impacted nationwide.
Source: https://rollingout.com/2025/11/13/att-settlement-data-breach-deadline/
AT&T cybersecurity rating report: https://www.rankiteo.com/company/att
"id": "ATT1393413111325",
"linkid": "att",
"type": "Breach",
"date": "3/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Millions (exact number '
'undisclosed)',
'industry': 'Telecommunications',
'location': 'United States',
'name': 'AT&T',
'size': 'Large (Millions of customers nationwide)',
'type': 'Telecommunications Company'}],
'attack_vector': ['Dark Web Data Leak (March 2024)',
'Unauthorized Data Download (July 2024)'],
'customer_advisories': 'Eligible customers must file claims via online form '
'or mail by Dec. 18, 2025. Payments will be '
'distributed on a pro rata basis after final approval.',
'data_breach': {'data_exfiltration': 'Yes (data appeared on dark web in March '
'2024; unauthorized downloads in July '
'2024)',
'number_of_records_exposed': 'Millions (exact number '
'undisclosed)',
'personally_identifiable_information': 'Yes (names, '
'addresses, SSNs, '
'dates of birth, etc.)',
'sensitivity_of_data': 'High (Social Security numbers, call '
'records, and financial data exposed)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data (Billing Account '
'Numbers)',
'Call Metadata (Phone Numbers, '
'Call Records, Cell Site IDs)']},
'date_detected': ['2024-03-30', '2024-07-12'],
'description': 'AT&T agreed to a $177 million settlement following two '
'significant data breaches in 2024 that exposed customer '
'information, including Social Security numbers, phone '
'records, and other sensitive data. The settlement addresses '
'class action lawsuits, with eligible customers required to '
'file claims by December 18, 2025, to receive compensation of '
'up to $7,500 for those affected by both breaches. The first '
'breach (March 30, 2024) involved highly sensitive data posted '
'on the dark web, while the second (July 12, 2024) involved '
'unauthorized downloads of call records and phone interaction '
'data. Payments are structured in tiers based on the type of '
'data compromised and documented losses.',
'impact': {'brand_reputation_impact': 'High (one of the largest '
'telecommunications data breach '
'settlements in recent years)',
'customer_complaints': 'Class action lawsuits filed; settlement '
'indicates significant customer '
'dissatisfaction',
'data_compromised': ['Names',
'Addresses',
'Telephone Numbers',
'Email Addresses',
'Dates of Birth',
'Account Passcodes',
'Billing Account Numbers',
'Social Security Numbers (March 2024 breach)',
'Call Records (July 2024 breach)',
'Cell Site Identification Numbers (subset of '
'individuals in July 2024 breach)'],
'financial_loss': 'Up to $7,500 per affected individual '
'(settlement payout); total settlement fund: '
'$177 million',
'identity_theft_risk': 'High (Social Security numbers exposed in '
'March 2024 breach)',
'legal_liabilities': '$177 million settlement; class action '
'lawsuits consolidated and resolved'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (March 2024 breach)',
'high_value_targets': ['Customer PII (Social '
'Security numbers, billing '
'data)',
'Call Records (telephone '
'interaction metadata)']},
'investigation_status': 'Settlement agreed; final approval hearing scheduled '
'for Jan. 15, 2026',
'motivation': ['Financial Gain (Potential Identity Theft/Fraud)',
'Data Exfiltration for Resale'],
'post_incident_analysis': {'corrective_actions': 'Settlement fund '
'established; no technical '
'remediation details '
'disclosed'},
'ransomware': {'data_exfiltration': 'Yes (data appeared on dark web)'},
'recommendations': ['Customers should file claims before the Dec. 18, 2025 '
'deadline to receive compensation.',
'Affected individuals should monitor for identity theft '
'and fraud due to exposed SSNs.',
'AT&T should enhance data protection measures to prevent '
'future breaches.'],
'references': [{'source': 'AT&T Data Incident Settlement Claim Form'},
{'source': 'Class Action Lawsuit Documents (Consolidated '
'Federal Lawsuits)'}],
'regulatory_compliance': {'fines_imposed': '$177 million settlement (not a '
'fine, but compensation for '
'affected customers)',
'legal_actions': 'Class action lawsuits filed and '
'consolidated; settlement agreed '
'upon'},
'response': {'communication_strategy': 'Public settlement announcement; '
'dedicated settlement website for '
'claims',
'incident_response_plan_activated': 'Yes (settlement process '
'initiated)',
'recovery_measures': 'Compensation claims process with deadlines '
'(Dec. 18, 2025 for claims; Jan. 15, 2026 '
'for final approval hearing)',
'remediation_measures': 'Settlement fund established for '
'affected customers'},
'stakeholder_advisories': 'Customers advised to submit claims by Dec. 18, '
'2025; opt-out or objection deadline: Nov. 18, 2025',
'threat_actor': 'Unauthorized Individuals',
'title': 'AT&T Data Breaches (March & July 2024) and $177 Million Settlement',
'type': ['Data Breach', 'Unauthorized Data Access', 'Identity Theft Risk']}