AT&T is settling two major data breaches affecting **72.6 million customers** (7.6M current + 65M former) and additional subscribers whose call/text records were compromised. The **first breach (March 2024)** exposed highly sensitive data—including **Social Security numbers, birthdates, addresses, passcodes, and billing details**—on the dark web. The **second breach (disclosed July 2024)** involved hackers infiltrating a cloud platform to steal **six months of call/text metadata (2022)**, including phone numbers, call durations, and cell site information. Victims with documented financial losses can claim up to **$5,000 (first breach)**, **$2,500 (second breach)**, or **$7,500 (both)**. AT&T denies wrongdoing but agreed to a **$177M settlement** to avoid litigation. The breaches triggered class-action lawsuits, with payouts expected post-December 2024 court approval. Customers received emails from **[email protected]** with claim deadlines set for **November 18, 2024**.
TPRM report: https://www.rankiteo.com/company/att
"id": "att4065240090625",
"linkid": "att",
"type": "Breach",
"date": "6/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '72.6 million (7.6 million '
'current + 65 million former)',
'industry': 'Telecommunications',
'location': 'United States (Nationwide, including '
'Kansas)',
'name': 'AT&T',
'size': 'Large (Tens of millions of current/former '
'customers)',
'type': 'Telecommunications Company'}],
'attack_vector': ['Dark Web Data Leak (First Breach)',
'Cloud Platform Exploitation (Second Breach)'],
'customer_advisories': 'Claim forms available at '
'www.TelecomDataSettlement.com; deadline: November 18, '
'2024',
'data_breach': {'data_exfiltration': 'Yes (dark web leak for first breach; '
'cloud platform access for second '
'breach)',
'number_of_records_exposed': '72.6 million (first breach) + '
'unspecified (second breach, 6 '
'months of call/text data in '
'2022)',
'personally_identifiable_information': 'Yes (SSNs, '
'birthdates, '
'addresses, phone '
'numbers)',
'sensitivity_of_data': 'High (SSNs, passcodes, call records)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Call Records',
'Telecommunications Metadata']},
'date_detected': ['2024-03-30', '2022-01-01'],
'date_publicly_disclosed': ['2024-03-30', '2024-07-12'],
'description': 'AT&T is offering settlements totaling $177 million for two '
'separate data breaches affecting millions of customers. The '
'first breach (March 30, 2024) exposed sensitive data of 72.6 '
'million customers (7.6 million current and 65 million former) '
'on the dark web, including SSNs, birthdates, phone numbers, '
'addresses, billing numbers, and passcodes. The second breach '
'(disclosed July 12, 2024) involved the theft of telephone and '
'text message data (call records, aggregate call duration, and '
'cell site details) from a cloud platform over six months in '
'2022. Eligible victims can claim up to $7,500 if affected by '
'both breaches, with deadlines set for November 18, 2024. AT&T '
'denies wrongdoing but settled to avoid litigation.',
'impact': {'brand_reputation_impact': 'Moderate to High (public disclosure, '
'settlements, and potential loss of '
'customer trust)',
'customer_complaints': 'Expected (class-action lawsuits filed)',
'data_compromised': ['Social Security Numbers (SSNs)',
'Birthdates',
'Phone Numbers',
'Addresses',
'Billing Numbers',
'Passcodes',
'Call Records (phone numbers, aggregate call '
'duration, cell site details)'],
'financial_loss': '$177 million (settlement funds: $149M + $28M)',
'identity_theft_risk': 'High (SSNs and personal data exposed in '
'first breach)',
'legal_liabilities': 'Class-action lawsuits settled; AT&T denies '
'wrongdoing but agreed to payouts to avoid '
'litigation',
'payment_information_risk': 'Moderate (billing numbers and '
'passcodes exposed)',
'systems_affected': ['Customer Databases (First Breach)',
'Cloud Platform (Second Breach)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (first breach)',
'high_value_targets': ['Customer PII (First Breach)',
'Call/Text Records (Second '
'Breach)']},
'investigation_status': 'Ongoing (settlement approval hearing scheduled for '
'December 3, 2024)',
'post_incident_analysis': {'corrective_actions': 'Settlement payouts to avoid '
'litigation; no technical '
'remediation details '
'disclosed'},
'ransomware': {'data_exfiltration': 'Yes (first breach: dark web; second '
'breach: cloud platform)'},
'references': [{'source': 'Topeka Capital-Journal',
'url': 'https://www.cjonline.com'},
{'source': 'Telecom Data Settlement Website',
'url': 'https://www.TelecomDataSettlement.com'},
{'date_accessed': '2024-10 (per article)',
'source': 'Kroll Settlement Administration News Release'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuits settled (no '
'admission of wrongdoing)'},
'response': {'communication_strategy': 'Email notifications '
'([email protected]) and '
'public announcements via news '
'releases',
'incident_response_plan_activated': 'Yes (settlement process '
'initiated)',
'recovery_measures': 'Settlement funds ($177M) for affected '
'customers',
'third_party_assistance': 'Kroll Settlement Administration '
'(court-appointed administrator)'},
'stakeholder_advisories': 'Emails sent to affected customers '
'([email protected]); public news '
'releases',
'title': 'AT&T Data Breaches Settlement for 72.6 Million Customers',
'type': ['Data Breach', 'Unauthorized Access', 'Cloud Security Incident']}