Breach cyber

AT&T

Sep 24, 2025 2 min read
AT&T

AT&T agreed to a **$177 million class-action settlement** following **two major data breaches in 2024**. The first breach (March 30) exposed **customer addresses, Social Security numbers, and passcodes** on the dark web, affecting **over 7 million 2024 account holders and 65 million customers from 2019–2024**. The second breach (July 12) involved hackers illegally downloading **call and text records**. Victims faced **identity theft**, including unauthorized vehicle purchases, credit card applications, and fraudulent bank accounts registered in their names. Florida plaintiffs reported financial losses and persistent spam attacks. AT&T denied wrongdoing but settled to avoid litigation. Affected customers can claim up to **$7,500** with documented losses, with tiered payouts for those without proof. The breaches led to **widespread reputational damage, financial fraud, and long-term trust erosion** among customers.

Source: https://www.jacksonville.com/story/news/2025/09/24/att-settlement-deadline-data-breach-lawsuits-how-submit/86325224007/

TPRM report: https://www.rankiteo.com/company/att

"id": "att1792517092425",
"linkid": "att",
"type": "Breach",
"date": "6/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '73+ million (7M in 2024, 65M '
                                              'from 2019–2024)',
                        'industry': 'Telecom',
                        'location': 'United States',
                        'name': 'AT&T',
                        'size': 'Large (millions of customers)',
                        'type': 'Telecommunications'}],
 'attack_vector': ['Dark Web Data Dump (March 2024)',
                   'Unauthorized Data Download (July 2024)'],
 'customer_advisories': 'Claims process open until November 18, 2025; tiers '
                        'for compensation based on documented losses',
 'data_breach': {'data_exfiltration': 'Yes (dark web leaks)',
                 'number_of_records_exposed': '73+ million',
                 'personally_identifiable_information': ['Social Security '
                                                         'Numbers',
                                                         'Addresses',
                                                         'Passcodes',
                                                         'Call/Text Metadata'],
                 'sensitivity_of_data': 'High (SSNs, financial-linked data)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Call/Text Records',
                                              'Authentication Credentials '
                                              '(passcodes)']},
 'date_detected': ['2024-03-30', '2024-07-12'],
 'date_publicly_disclosed': ['2024-03-30', '2024-07-12'],
 'description': 'AT&T agreed to a $177 million class action settlement '
                'following two separate data breaches in 2024. The first '
                'breach (March 30) exposed customer information—including '
                'addresses, Social Security numbers, and passcodes—on the dark '
                'web. The second breach (July 12) involved hackers illegally '
                "downloading customers' call and text records. Over 73 million "
                'people were affected across both incidents (7 million in '
                '2024, 65 million from 2019–2024). The settlement provides '
                'tiered compensation (up to $7,500) for documented losses, '
                'with claims due by November 18, 2025.',
 'impact': {'brand_reputation_impact': 'Significant (class action lawsuits, '
                                       'public distrust)',
            'customer_complaints': ['Spam calls/texts/emails',
                                    'Unauthorized financial transactions '
                                    '(e.g., vehicle purchases, credit card '
                                    'applications)'],
            'data_compromised': ['Addresses',
                                 'Social Security Numbers',
                                 'Passcodes (March 2024)',
                                 'Call and Text Records (July 2024)'],
            'financial_loss': '$177 million (settlement amount)',
            'identity_theft_risk': 'High (documented cases of fraud using '
                                   'stolen data)',
            'legal_liabilities': '$177 million settlement',
            'payment_information_risk': 'Indirect (via linked accounts, e.g., '
                                        'Wells Fargo autopay)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (March 2024 breach)',
                           'high_value_targets': 'Customer PII (SSNs, '
                                                 'passcodes, call records)'},
 'investigation_status': 'Settled (class action)',
 'motivation': ['Financial Gain (Identity Theft/Fraud)',
                'Data Theft for Resale'],
 'post_incident_analysis': {'corrective_actions': 'Settlement payments; no '
                                                  'technical remediation '
                                                  'details disclosed'},
 'ransomware': {'data_exfiltration': 'Yes (but not ransomware-related)'},
 'references': [{'source': 'USA TODAY',
                 'url': 'https://www.usatoday.com/story/tech/2024/XX/XX/att-data-breach-settlement-how-file-claim/XXXXX/'},
                {'source': 'Kroll Settlement Administration',
                 'url': 'https://www.telecomdatasettlement.com'}],
 'regulatory_compliance': {'fines_imposed': '$177 million (settlement, not '
                                            'regulatory fine)',
                           'legal_actions': 'Class action lawsuits '
                                            '(consolidated)'},
 'response': {'communication_strategy': ['Emails to affected customers',
                                         'Public statements (denying '
                                         'wrongdoing but settling to avoid '
                                         'litigation)',
                                         'Settlement website '
                                         '(www.telecomdatasettlement.com)'],
              'incident_response_plan_activated': 'Yes (settlement process '
                                                  'initiated)',
              'recovery_measures': 'Settlement fund ($177M) for affected '
                                   'customers',
              'third_party_assistance': 'Kroll Settlement Administration '
                                        '(claims management)'},
 'stakeholder_advisories': 'Customers notified via email; public settlement '
                           'website',
 'title': 'AT&T Data Breaches and $177 Million Settlement (2024)',
 'type': ['Data Breach', 'Unauthorized Data Exposure', 'Dark Web Data Leak']}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Gainsight

public 2 min read
Gainsight experienced a security breach involving its Salesforce-connected app, where suspicious activity was detected. While the company’s CEO, Chuck…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success platform, suffered a breach linked to its Salesforce-connected app, initially flagged by Salesforce due to unusual…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success management software firm, experienced a breach in its systems that compromised Salesforce customer tokens. The incident…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.