AT&T deadline to file in part of a $177 million settlement is fast approaching. AP
The deadline to file a claim in the massive $177 million AT&T data breach settlement is approaching fast.
Eligible customers have about two weeks left to submit their claims before the Dec. 18 cutoff.
The settlement stems from two AT&T data breaches in 2024, which occurred just months apart and exposed personal information for millions of current and former customers.
What happened
The first breach, in March 2024, leaked addresses, dates of birth, billing account numbers, passcodes, and Social Security numbers belonging to 7.6 million current and 65.4 million former AT&T customers.
According to the settlement website, this information was released on the dark web.
The second breach, in July 2024, exposed call and text records for about 110 million customers between 2022 and 2023. These records were “illegally downloaded from our workspace on a third-party cloud platform,” the settlement states.
Multiple lawsuits followed, later consolidated and resolved with a settlement in the U.S. Northern District Court of Texas.
How much money could you receive?
Customers affected by either breach can file a claim, but payouts vary depending on which incident impacted them.
Those affected by both breaches may qualify for up to $7,500.
For those involved in the first breach, class members receive up to $5,000 if they can show the losses are “fairly traceable to the AT&T 1 Data Incident.”
Remaini
AT&T cybersecurity rating report: https://www.rankiteo.com/company/att
"id": "ATT1764781901",
"linkid": "att",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '110 million '
'(current and '
'former)',
'industry': 'Telecommunications',
'location': 'United States',
'name': 'AT&T',
'size': 'Large',
'type': 'Corporation'}],
'attack_vector': 'Third-party cloud platform compromise',
'customer_advisories': 'Claims deadline: December 18, 2024',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes (dark web release)',
'file_types_exposed': None,
'number_of_records_exposed': '73 million (first '
'breach), 110 '
'million (second '
'breach)',
'personally_identifiable_information': ['Addresses',
'Dates '
'of '
'birth',
'Social '
'Security '
'numbers',
'Passcodes',
'Billing '
'account '
'numbers'],
'sensitivity_of_data': 'High (SSNs, passcodes, '
'billing details, '
'call/text records)',
'type_of_data_compromised': ['Personal '
'information',
'Call and text '
'records']},
'date_detected': '2024-03-01',
'description': 'AT&T faced two major data breaches in 2024, '
'exposing personal information and call/text '
'records of millions of customers. The breaches '
'led to a $177 million settlement with a deadline '
'for claims on December 18, 2024.',
'impact': {'brand_reputation_impact': 'Significant',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal information, call and '
'text records',
'downtime': None,
'financial_loss': '$177 million settlement',
'identity_theft_risk': 'High',
'legal_liabilities': 'Multiple lawsuits consolidated '
'into settlement',
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Third-party cloud platform '
'workspace'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': 'Yes (first '
'breach data)',
'entry_point': 'Third-party cloud '
'platform',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Settled',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Third-party cloud '
'platform compromise'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Associated Press (AP)',
'url': None},
{'date_accessed': None,
'source': 'AT&T Settlement Website',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Multiple lawsuits '
'consolidated in U.S. '
'Northern District '
'Court of Texas',
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public disclosure via '
'settlement website',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'AT&T Data Breach Settlement',
'type': ['Data Breach']}