In 2019, AT&T suffered a data breach exposing **personal information of 72.6 million people** (7.6M current + 65.4M former customers), including **Social Security numbers, birth dates, and legal names**. The breach was only disclosed in **March 2024** after data surfaced on the dark web. In **April 2024**, a second breach occurred when hackers (linked to **ShinyHunters**) accessed **phone records of 109 million customers** from AT&T’s **Snowflake cloud warehouse**, containing data from 2022. Both breaches led to a **$177M class-action settlement**, with payouts up to **$5,000 (2019 breach)** and **$2,500 (2024 breach)** for documented losses. The incidents triggered **password resets for all affected current customers** and legal repercussions, including arrests of two hackers. The breaches exposed **sensitive customer data on a massive scale**, leading to reputational damage, financial losses, and regulatory scrutiny.
TPRM report: https://www.rankiteo.com/company/att
"id": "att914090225",
"linkid": "att",
"type": "Breach",
"date": "6/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '181 million (72M in 2019, 109M '
'in 2024)',
'industry': 'Telecommunications',
'location': 'United States',
'name': 'AT&T',
'size': 'Large (109M+ customers in 2024 breach)',
'type': 'Telecommunications Corporation'},
{'customers_affected': '165+ companies targeted by '
'ShinyHunters (including AT&T)',
'industry': 'Cloud Computing',
'location': 'United States',
'name': 'Snowflake (2024 breach only)',
'type': 'Cloud Data Warehouse Provider'}],
'attack_vector': [{'2024_breach': 'Compromised credentials in Snowflake '
'cloud-based data warehouse (attributed to '
'ShinyHunters hacker group)'}],
'customer_advisories': ['Password resets for 2019 breach victims',
'Claim submission instructions for settlement '
'(online/mail)',
'Class Member ID required for filing'],
'data_breach': {'data_exfiltration': [{'2019_breach': 'Data leaked to dark web (discovered in 2024)'},
{'2024_breach': 'Yes (via Snowflake compromise)'}],
'number_of_records_exposed': [{'2019_breach': '73 million (7.6M current + 65.4M former customers)'},
{'2024_breach': '109 million'}],
'personally_identifiable_information': [{'2019_breach': 'Social Security numbers, birth dates, legal names'},
{'2024_breach': 'Phone records (potentially linked to PII)'}],
'sensitivity_of_data': 'High (PII including SSNs in 2019 breach)',
'type_of_data_compromised': [{'2019_breach': 'Social Security numbers, birth dates, legal names'},
{'2024_breach': 'Phone records (2022 data)'}]},
'date_detected': [{'2019_breach': '2024-03 (disclosed; actual breach occurred '
'in 2019)'},
{'2024_breach': '2024-04 (detected; disclosed in 2024-07)'}],
'date_publicly_disclosed': ['2024-03 (2019 breach)', '2024-07 (2024 breach)'],
'description': 'Two major data breaches at AT&T exposed personal information '
'of nearly 181 million people (72 million in 2019 and 109 '
'million in 2024). The 2019 breach involved Social Security '
'numbers, birth dates, and legal names of 7.6 million current '
'and 65.4 million former customers. The 2024 breach involved '
"phone records from 2022, accessed via Snowflake's cloud-based "
'data warehouse by the hacker group ShinyHunters. AT&T settled '
'a class-action lawsuit for $177 million, with $149 million '
'allocated to the 2019 breach and $28 million to the 2024 '
'breach. Claims are being processed by Kroll Settlement '
'Administration, with deadlines and payouts structured based '
'on documented losses.',
'impact': {'brand_reputation_impact': 'Significant (high-profile breaches and '
'prolonged legal proceedings)',
'customer_complaints': 'Class-action lawsuits filed by affected '
'customers',
'data_compromised': [{'2019_breach': 'Social Security numbers, '
'birth dates, legal names '
'(7.6M current + 65.4M former '
'customers)'},
{'2024_breach': 'Phone records from 2022 '
'(109M customers)'}],
'financial_loss': '$177 million (settlement amount)',
'identity_theft_risk': 'High (Social Security numbers and personal '
'data exposed in 2019 breach)',
'legal_liabilities': '$177 million settlement (split: $149M for '
'2019 breach, $28M for 2024 breach)',
'operational_impact': ['Password resets for all affected current '
'customers (2019 breach)',
'High traffic to settlement claim website '
'requiring virtual queue (2024)'],
'systems_affected': [{'2019_breach': None},
{'2024_breach': 'Snowflake cloud-based data '
'warehouse'}]},
'initial_access_broker': {'data_sold_on_dark_web': [{'2019_breach': 'Yes (discovered in 2024)'}],
'entry_point': [{'2019_breach': None},
{'2024_breach': 'Compromised Snowflake credentials'}],
'high_value_targets': [{'2024_breach': 'Phone records of ~109M AT&T customers'}]},
'investigation_status': 'Ongoing (settlement approval hearing scheduled for '
'2025-12-03; two arrests made for 2024 breach)',
'motivation': [{'2024_breach': 'Financial gain (data exfiltration and '
'potential sale on dark web)'}],
'post_incident_analysis': {'corrective_actions': ['$177M settlement for affected customers',
'Enhanced claim processing via Kroll',
'Legal actions against threat actors (two arrests)'],
'root_causes': [{'2019_breach': None},
{'2024_breach': 'Weak credential security in Snowflake environment (shared across ~165 companies)'}]},
'ransomware': {'data_exfiltration': [{'2019_breach': 'Yes (data found on dark '
'web)'},
{'2024_breach': 'Yes (via Snowflake)'}]},
'references': [{'source': 'CNET', 'url': 'https://www.cnet.com'},
{'source': 'AT&T Data Incident Settlement Website',
'url': 'https://telecomdatasettlement.com'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuits '
'consolidated and settled for $177 '
'million'},
'response': {'communication_strategy': ['Public disclosures (2024-03 and '
'2024-07)',
'Direct notifications to affected '
'customers via email (Class Member '
'ID)',
'Settlement website and helpline '
'(833-890-4930)'],
'containment_measures': [{'2019_breach': 'Password resets for '
'all affected current '
'customers'},
{'2024_breach': None}],
'incident_response_plan_activated': 'Yes (password resets for '
'2019 breach; legal '
'settlement for both)',
'law_enforcement_notified': 'Yes (two arrests made in connection '
'with 2024 breach)',
'remediation_measures': ['$177 million settlement for affected '
'customers',
'Claim submission process via '
'telecomdatasettlement.com'],
'third_party_assistance': ['Kroll Settlement Administration '
'(claims processing)',
'Law enforcement (arrests made for '
'2024 breach)']},
'stakeholder_advisories': 'Customers advised to file claims by 2025-11-18 via '
'Kroll Settlement Administration',
'threat_actor': [{'2024_breach': 'ShinyHunters (hacker group; two associates '
'arrested)'}],
'title': 'AT&T Data Breaches (2019 and 2024)',
'type': ['Data Breach', 'Unauthorized Access', 'Class-Action Lawsuit'],
'vulnerability_exploited': [{'2024_breach': 'Weak or stolen credentials in '
"Snowflake's cloud environment"}]}