AT&T faced two major data breaches that exposed customers’ personal information. The first, discovered in 2019 but investigated in 2024, compromised the data of **7.6 million current and 65.4 million former customers**, including **Social Security numbers, names, and dates of birth**, which later surfaced on the dark web. The second breach occurred in **April 2024**, when hackers infiltrated AT&T’s cloud provider, **Snowflake**, and stole the **call and text records of nearly 109 million U.S. customers**, though no names were attached. Two arrests were made in connection with the latter incident. The breaches triggered **multiple class-action lawsuits**, leading to a **$177 million settlement**. Eligible victims can claim up to **$5,000 (2019 breach) or $2,500 (2024 breach)** with proof of damages, while others will receive a share of the remaining funds. Payments are expected to begin in **early 2026** after court approval.
TPRM report: https://www.rankiteo.com/company/att
{
  "id": "att915090225",
  "linkid": "att",
  "type": "Breach",
  "date": "6/2019",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '~182 million (73M in 2019 + '
                                              '109M in 2024)',
                        'industry': 'Telecom',
                        'location': 'United States',
                        'name': 'AT&T',
                        'size': 'Large (millions of customers)',
                        'type': 'Telecommunications'},
                       {'industry': 'Cloud Computing',
                        'location': 'United States',
                        'name': 'Snowflake (cloud provider)',
                        'type': 'Third-Party Vendor'}],
 'attack_vector': ['Dark web data exposure (2019)',
                   'Cloud storage provider compromise (Snowflake, 2024)'],
 'customer_advisories': 'Claims process begins Aug 4, 2025; deadline Nov 18, '
                        '2025. Payments expected early 2026.',
 'data_breach': {'data_exfiltration': 'Yes (dark web in 2019; Snowflake in '
                                      '2024)',
                 'number_of_records_exposed': '~182 million (73M in 2019 + '
                                              '109M in 2024)',
                 'personally_identifiable_information': 'Yes (2019 breach)',
                 'sensitivity_of_data': 'High (SSNs in 2019; metadata in 2024)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII): SSNs, names, '
                                              'dates of birth (2019)',
                                              'Call and text records (2024, no '
                                              'names attached)']},
 'date_detected': ['2024 (for 2019 breach investigation)',
                   'April 2024 (for 2024 breach)'],
 'description': 'AT&T is paying a $177 million settlement after two data '
                'breaches exposed customers’ personal information. The first '
                'breach in 2019 exposed data of 73 million current and former '
                'customers, including SSNs, names, and dates of birth. The '
                'second breach in 2024 involved a hacker accessing call and '
                'text records of ~109 million U.S. customers via AT&T’s cloud '
                'provider, Snowflake. Two arrests were made in connection with '
                'the 2024 breach. Multiple class-action lawsuits followed, '
                'leading to a settlement with payouts up to $5,000 (2019 '
                'breach) and $2,500 (2024 breach) for proven damages.',
 'impact': {'brand_reputation_impact': 'Significant (settlement and public '
                                       'disclosure)',
            'customer_complaints': 'Multiple class-action lawsuits',
            'data_compromised': ['7.6M current + 65.4M former customers '
                                 '(2019): SSNs, names, dates of birth',
                                 '109M U.S. customers (2024): call and text '
                                 'records (no names attached)'],
            'financial_loss': '$177 million (settlement)',
            'identity_theft_risk': 'High (2019 breach: SSNs exposed)',
            'legal_liabilities': '$177M settlement + potential ongoing '
                                 'liabilities',
            'systems_affected': ['AT&T customer databases (2019)',
                                 'Snowflake cloud storage (2024)']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (2019 breach)',
                           'entry_point': ['Unknown (2019)',
                                           'Snowflake cloud compromise (2024)'],
                           'high_value_targets': 'Customer PII (2019); '
                                                 'call/text metadata (2024)'},
 'investigation_status': 'Ongoing (settlement pending final court approval on '
                         'Dec 3, 2025)',
 'motivation': ['Financial gain (likely)', 'Data theft/resale'],
 'references': [{'source': 'CNET'},
                {'source': 'Reuters'},
                {'source': 'AP (Associated Press)'}],
 'regulatory_compliance': {'fines_imposed': '$177 million (settlement)',
                           'legal_actions': 'Class-action lawsuits (two '
                                            'consolidated cases)'},
 'response': {'communication_strategy': 'Email/mail notifications to affected '
                                        'customers (starting Aug 4, 2025)',
              'incident_response_plan_activated': 'Yes (investigation launched '
                                                  'in 2024 for 2019 breach; '
                                                  'immediate response to 2024 '
                                                  'breach)',
              'law_enforcement_notified': 'Yes (two arrests made in 2024 '
                                          'breach)',
              'recovery_measures': 'Settlement payouts ($177M) and customer '
                                   'notifications'},
 'stakeholder_advisories': 'Customers notified via email/mail (Aug 4–Oct 17, '
                           '2025)',
 'threat_actor': ['Unknown (2019 breach)',
                  'Hacker(s) (2024 breach; two arrested)'],
 'title': 'AT&T Data Breaches Settlement (2019 & 2024)',
 'type': ['Data Breach', 'Unauthorized Access', 'Class Action Lawsuit']}