Breach cyber

AT&T

Oct 1, 2022 2 min read
AT&T

On **March 30, 2024**, AT&T disclosed a massive **data breach** exposing **73 million accounts** (7.6M current + 65.4M former customers). Hackers leaked **dark web datasets** containing **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers**—highly sensitive personal and financial data. A second breach on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* AT&T cellular, MVNO, and landline customers from a **third-party cloud platform** (May–Oct 2022). While no PII was exposed in the second incident, the first breach’s scale and sensitivity triggered **federal investigations**, **national security concerns** (FBI/DOJ delays), and a **$177M class-action settlement** (up to **$7,500 per victim**). The breaches prompted **state/federal lawsuits**, regulatory scrutiny, and reputational damage, with AT&T facing **customer churn risks** and **operational disruptions** from incident response.

Source: https://www.statesman.com/news/article/att-data-breach-settlement-claim-eligible-21094137.php

TPRM report: https://www.rankiteo.com/company/att

"id": "att4692046101025",
"linkid": "att",
"type": "Breach",
"date": "10/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '73,000,000 (March 2024); '
                                              "'Nearly all' cellular customers "
                                              '(July 2024)',
                        'industry': 'Telecom',
                        'location': 'Dallas, Texas, USA',
                        'name': 'AT&T',
                        'size': 'Large (Millions of customers)',
                        'type': 'Telecommunications'}],
 'attack_vector': ['Dark Web Leak (March 2024)',
                   'Third-Party Cloud Platform Compromise (July 2024)'],
 'customer_advisories': 'Eligible for compensation up to $7,500 (documented '
                        'losses); Tiered cash payments for PII exposure',
 'data_breach': {'data_exfiltration': 'Yes (Dark web leak; third-party cloud '
                                      'download)',
                 'number_of_records_exposed': ['73,000,000 (March 2024)',
                                               "'Nearly all' cellular "
                                               'customers (July 2024)'],
                 'personally_identifiable_information': ['Social Security '
                                                         'Numbers',
                                                         'Addresses',
                                                         'Birthdates',
                                                         'Phone Numbers'],
                 'sensitivity_of_data': 'High (SSNs, PII)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Call/Text Metadata']},
 'date_publicly_disclosed': ['2024-03-30', '2024-07-12'],
 'description': 'On March 30, 2024, AT&T announced its first data breach '
                'affecting ~73 million accounts (7.6M current + 65.4M former '
                'customers), exposing PII like SSNs, addresses, and passcodes '
                'on the dark web. A second breach on July 12, 2024, involved '
                "call/text metadata for 'nearly all' cellular customers "
                '(May–Oct 2022). Federal agencies delayed public disclosure '
                'due to national security concerns. AT&T agreed to a $177M '
                'settlement ($149M for the first breach, $28M for the second), '
                'with claims due by Nov 18, 2024.',
 'impact': {'brand_reputation_impact': 'High (Class-action lawsuits, '
                                       'regulatory scrutiny)',
            'data_compromised': ['Addresses',
                                 'Social Security Numbers',
                                 'Birthdates',
                                 'Passcodes',
                                 'Billing Numbers',
                                 'Phone Numbers',
                                 'Call/Text Metadata (May 1, 2022 – Oct 31, '
                                 '2022)'],
            'identity_theft_risk': 'High (SSNs, PII exposed)',
            'legal_liabilities': '$177M settlement (pending court approval)',
            'payment_information_risk': 'Low (No payment card data confirmed)',
            'systems_affected': ['Customer Databases',
                                 'Third-Party Cloud Platform']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (March 2024 breach)'},
 'investigation_status': 'Ongoing (Settlement pending court approval on Dec 3, '
                         '2024)',
 'references': [{'source': 'AT&T Press Release (March 30, 2024)'},
                {'source': 'AT&T Press Release (July 12, 2024)'},
                {'source': 'FBI Statement on Disclosure Delay'},
                {'source': 'Kroll Settlement Administration (Claims Portal)'}],
 'regulatory_compliance': {'fines_imposed': '$177M settlement (proposed)',
                           'legal_actions': 'Class-action lawsuits (two '
                                            'consolidated cases)',
                           'regulatory_notifications': 'FBI, DOJ '
                                                       '(collaborative delay '
                                                       'for national '
                                                       'security)'},
 'response': {'communication_strategy': 'Delayed disclosure (national security '
                                        'concerns); Customer notifications via '
                                        'email (Kroll Settlement '
                                        'Administration)',
              'incident_response_plan_activated': 'Yes (Collaboration with '
                                                  'FBI/DOJ)',
              'law_enforcement_notified': 'Yes (FBI, DOJ)'},
 'stakeholder_advisories': 'Customers notified via email '
                           '([email protected]); Claims deadline: '
                           'Nov 18, 2024',
 'title': 'AT&T Data Breaches (March & July 2024)',
 'type': ['Data Breach', 'Unauthorized Data Access']}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Gainsight

public 2 min read
Gainsight experienced a security breach involving its Salesforce-connected app, where suspicious activity was detected. While the company’s CEO, Chuck…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success platform, suffered a breach linked to its Salesforce-connected app, initially flagged by Salesforce due to unusual…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success management software firm, experienced a breach in its systems that compromised Salesforce customer tokens. The incident…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.