AT&T suffered two major data breaches in **March and July 2024**, exposing sensitive customer information. The **March breach** leaked **Social Security numbers, birthdates, addresses, email IDs, phone numbers, billing account numbers, passcodes**, and other personal data on the dark web. The **July breach** exposed **phone numbers, call logs, interaction counts, call frequencies, and cell site IDs**. Millions of users were affected, with some experiencing **identity theft risks, financial fraud, and reputational harm**. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, depending on the extent of data exposure. The breaches led to **legal action, financial losses for customers, and long-term trust erosion** in the company’s cybersecurity measures.
AT&T cybersecurity rating report: https://www.rankiteo.com/company/att
"id": "ATT4392343111325",
"linkid": "att",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Millions',
'industry': 'Telecom',
'location': 'United States',
'name': 'AT&T',
'size': 'Large (millions of customers)',
'type': 'Telecommunications Company'}],
'customer_advisories': 'Check eligibility via official settlement site using '
'name, email, account number, or settlement ID. Claims '
'can be filed online or by mail.',
'data_breach': {'data_exfiltration': 'Yes (data appeared on dark web)',
'number_of_records_exposed': 'Millions',
'personally_identifiable_information': ['Social Security '
'numbers',
'Names',
'Addresses',
'Birthdates',
'Email IDs',
'Phone numbers',
'Account passcodes'],
'sensitivity_of_data': 'High (SSNs, PII, account credentials)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data (billing account '
'numbers)',
'Telecom Metadata (call logs, '
'cell site IDs)']},
'date_detected': ['2024-03-30', '2024-07-12'],
'date_publicly_disclosed': '2025-08-01',
'description': 'AT&T agreed to a $177 million settlement for two major data '
'breaches in 2024 (March and July), exposing millions of '
"customers' sensitive data, including Social Security numbers, "
'birthdates, account details, phone numbers, and call logs. '
'Victims can claim up to $7,500 if filed before November 18, '
'2025. The settlement covers documented losses, with payouts '
'tiered based on data exposure severity. Claims are processed '
'online or via mail, with payouts expected in 2026 post-court '
'approval.',
'impact': {'brand_reputation_impact': 'Significant (class-action settlement, '
'public disclosure)',
'customer_complaints': 'Millions of affected customers',
'data_compromised': ['Social Security numbers',
'Birthdates',
'Names',
'Addresses',
'Email IDs',
'Phone numbers',
'Billing account numbers',
'Account passcodes',
'Call logs',
'Interaction counts',
'Call frequencies',
'Cell site IDs'],
'financial_loss': '$177 million (settlement amount)',
'identity_theft_risk': 'High (SSNs, PII exposed)',
'legal_liabilities': '$177 million settlement',
'payment_information_risk': 'Moderate (billing account numbers '
'exposed)'},
'investigation_status': 'Settled (awaiting court approval for payouts)',
'post_incident_analysis': {'corrective_actions': 'Settlement payouts, '
'customer compensation '
'tiers'},
'references': [{'source': 'AT&T Data Breach Settlement Official Site'},
{'source': 'Kroll Settlement Administration'}],
'regulatory_compliance': {'fines_imposed': '$177 million (settlement)',
'legal_actions': 'Class-action lawsuit settled'},
'response': {'communication_strategy': 'Public disclosure, official '
'settlement website, customer '
'notifications',
'incident_response_plan_activated': 'Yes (settlement process '
'initiated)',
'recovery_measures': 'Settlement payouts to victims',
'third_party_assistance': 'Kroll Settlement Administration '
'(claims processing)'},
'stakeholder_advisories': 'Customers advised to file claims before November '
'18, 2025',
'title': 'AT&T Data Breach Settlement (2024)',
'type': 'Data Breach'}