AT&T experienced two major data breaches in 2024. The first, announced on **March 30, 2024**, exposed **73 million accounts** (7.6M current, 65.4M former customers), leaking **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers** on the dark web. The second, disclosed on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* cellular customers and landline interactions from **May 1, 2022 – October 31, 2022** via a third-party cloud platform. While no PII (e.g., SSNs) was compromised in the second breach, federal agencies (FBI, DOJ) delayed public disclosure due to **national security risks**. AT&T settled lawsuits for **$177 million**, with affected customers eligible for up to **$7,500** in compensation. The breaches triggered class-action lawsuits, regulatory scrutiny, and reputational damage, though no evidence suggested public exposure of the second breach’s data.
Source: https://www.statesman.com/news/article/att-data-breach-settlement-claim-deadline-21168305.php
AT&T cybersecurity rating report: https://www.rankiteo.com/company/att
"id": "ATT5202352111325",
"linkid": "att",
"type": "Breach",
"date": "5/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '~73 million (first breach), '
"'nearly all' cellular customers "
'(second breach)',
'industry': 'Telecommunications',
'location': 'Dallas, Texas, USA',
'name': 'AT&T',
'size': 'Large (millions of customers)',
'type': 'Telecommunications Company'},
{'customers_affected': 'Included in second breach',
'industry': 'Telecommunications',
'location': 'USA',
'name': 'Mobile Virtual Network Operators (MVNOs) '
"using AT&T's network",
'type': 'Telecommunications Providers'},
{'customers_affected': 'Interacted with cellular '
'numbers during May 1–October '
'31, 2022 (second breach)',
'location': 'USA',
'name': 'AT&T Landline Customers',
'type': 'Telecommunications Customers'}],
'attack_vector': ['Dark Web Data Leak (First Breach)',
'Third-Party Cloud Platform Compromise (Second Breach)'],
'customer_advisories': ['Eligible customers can claim up to $7,500 (if '
'affected by both breaches)',
'Tiered compensation based on SSN exposure (first '
'breach) or documented loss (second breach)',
'Claims process opened Aug. 4, 2024'],
'data_breach': {'data_exfiltration': 'Yes (dark web dataset in first breach; '
'third-party cloud in second)',
'number_of_records_exposed': ['~73 million (first breach)',
"'Nearly all' cellular "
'customers (second breach)'],
'personally_identifiable_information': ['Social Security '
'numbers',
'Addresses',
'Birthdates',
'Phone numbers'],
'sensitivity_of_data': 'High (SSNs, passcodes in first '
'breach; call/text metadata in second)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Telecommunications Metadata']},
'date_publicly_disclosed': ['2024-03-30', '2024-07-12'],
'description': 'AT&T experienced two major data breaches in 2024. The first, '
'announced on March 30, 2024, affected ~73 million accounts '
'(7.6M current, 65.4M former customers), exposing addresses, '
'Social Security numbers, birthdates, passcodes, billing '
'numbers, and phone numbers via a dark web dataset. The '
'second, announced on July 12, 2024, involved hackers '
'downloading call and text records (excluding content) of '
"'nearly all' cellular customers and landline interactions "
'from May 1–October 31, 2022, from a third-party cloud '
'platform. Federal agencies (FBI, DOJ) delayed public '
'disclosure due to national security concerns. AT&T agreed to '
'a $177M settlement ($149M for the first breach, $28M for the '
'second), with eligible customers able to claim up to $7,500 '
'in compensation.',
'impact': {'brand_reputation_impact': 'Significant (class-action lawsuits, '
'regulatory scrutiny)',
'customer_complaints': 'Multiple state/federal lawsuits filed',
'data_compromised': [{'breach_1': ['Addresses',
'Social Security numbers',
'Birthdates',
'Passcodes',
'Billing numbers',
'Phone numbers'],
'breach_2': ['Call records (metadata)',
'Text records (metadata)']}],
'financial_loss': '$177 million (settlement total)',
'identity_theft_risk': 'High (for first breach, due to SSN '
'exposure)',
'legal_liabilities': '$177 million settlement (pending court '
'approval)',
'payment_information_risk': 'Moderate (billing numbers exposed in '
'first breach)',
'systems_affected': ['Customer databases (First Breach)',
'Third-party cloud platform (Second Breach)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (first breach '
'dataset)',
'high_value_targets': ['Customer PII (first breach)',
'Call/text metadata (second '
'breach)']},
'investigation_status': 'Ongoing (settlement pending court approval on Dec. '
'3, 2024)',
'ransomware': {'data_exfiltration': 'Yes (second breach via third-party '
'cloud)'},
'references': [{'source': 'AT&T Press Release (March 30, 2024)'},
{'source': 'AT&T Press Release (July 12, 2024)'},
{'source': 'FBI Statement on Disclosure Delay'},
{'source': 'Kroll Settlement Administration (AT&T Data Breach '
'Settlement)'}],
'regulatory_compliance': {'fines_imposed': '$177 million (settlement, not a '
'fine)',
'legal_actions': ['Class-action lawsuits (two '
'consolidated cases)',
'Federal/state lawsuits'],
'regulatory_notifications': 'Delayed per FBI/DOJ '
'request (national '
'security concerns)'},
'response': {'communication_strategy': ['Public announcements (March 30, July '
'12, 2024)',
'Email notifications via Kroll '
'Settlement Administration',
'Settlement website for claims'],
'incident_response_plan_activated': 'Yes (collaboration with '
'FBI/DOJ)',
'law_enforcement_notified': 'Yes (FBI, DOJ involved in delay '
'decision)'},
'stakeholder_advisories': ['Email notifications via '
'[email protected]',
'Settlement website for claims (deadline: Nov. 18, '
'2024)',
'Opt-out deadline for independent lawsuits: Oct. '
'17, 2024'],
'title': 'AT&T Data Breaches (March & July 2024)',
'type': ['Data Breach', 'Unauthorized Data Access']}