Company Details
att
177,538
1,591,781
517
att.com
674
AT&_1353905
Completed

AT&T Company CyberSecurity Posture
att.com

We understand that our customers want an easier, less complicated life. We’re using our network, labs, products, services, and people to create a world where everything works together seamlessly, and life is better as a result. How will we continue to drive for this excellence in innovation? With you. Our people, and their passion to succeed, are at the heart of what we do. Today, we’re poised to connect millions of people with their world, delivering the human benefits of technology in ways that defy the imaginable. What are you dreaming of doing with your career? Find stories about our talent, career advice, opportunities, company news, and innovations here on LinkedIn. To learn more about joining AT&T, visit: http://www.att.jobs We provide in some of our posts links to articles or posts from third-party websites unaffiliated with AT&T. In doing so, AT&T is not adopting, endorsing or otherwise approving the content of those articles or posts. AT&T is providing this content for your information only.
Between 0 and 549

AT&T Global Score (TPRM): XXXX

| Entity | Type | Severity | Impact | Seen | Blog Details | Incident Details | View |
|---|---|---|---|---|---|---|---|
| AT&T | Breach | 60 | 3 | 6/2022 | | | |
Rankiteo Explanation: Attack with significant impact with internal employee data leaks
Description: In March 2024, AT&T suffered a significant data breach exposing call and text records of nearly all its customers. The compromised data, dating back to 2022 and early 2023, included metadata such as phone numbers, interaction timestamps, and possibly cell tower identifiers—though not the content of communications or personal identifiers like Social Security numbers. The breach was attributed to a third-party cloud platform vulnerability, exploited by cybercriminals to exfiltrate the records. While AT&T claimed no evidence of unauthorized access to its internal systems, the incident raised concerns over privacy violations, potential phishing risks, and regulatory scrutiny. The exposure of such metadata could enable threat actors to map communication patterns, target individuals for scams, or sell the data on dark web forums. AT&T faced reputational damage, customer distrust, and potential legal repercussions, particularly under state data protection laws. The breach underscored vulnerabilities in third-party vendor security and the broader telecom sector’s susceptibility to large-scale data leaks.
| AT&T | Breach | 85 | 4 | 3/2024 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: In 2024, AT&T suffered **two major data breaches** exposing highly sensitive customer information. The **first breach (March 30, 2024)** leaked **names, addresses, phone numbers, email addresses, dates of birth, account passcodes, billing numbers, and Social Security numbers (SSNs)** on the dark web, enabling identity theft and financial fraud risks. The **second breach (July 12, 2024)** involved unauthorized access to **telephone numbers, call records, interaction frequencies, and cell site identification numbers** via a third-party cloud platform. Some customers were affected by **both incidents**, with potential payouts reaching **$7,500 per victim** ($5,000 for SSN exposure, $2,500 for call data leaks). AT&T agreed to a **$177 million settlement**, one of the largest in telecom history, acknowledging the severity of the **data exposure** and its **long-term risks**, including fraud, reputational damage, and legal liabilities. The breaches impacted **millions of current and former customers**, with claims requiring documentation of losses. Final payouts depend on the total number of valid claims, with distribution expected in **early 2026** post-court approval.
| AT&T | Breach | 85 | 4 | 2/2014 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that AT&T experienced unauthorized access to customer accounts between February and July 2014. The breach potentially involved Customer Proprietary Network Information (CPNI), but there is no evidence that Social Security Numbers were compromised. AT&T is offering affected individuals one year of free credit monitoring.
| AT&T | Breach | 85 | 4 | 5/2025 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: A massive data breach at AT&T resulted in hackers leaking personal information of 86 million customers. The breach, initially posted on a Russian cybercrime forum on May 15, 2025, and re-uploaded on June 3, 2025, involved a dataset believed to be from a stolen AT&T database. The leaked information includes full names, dates of birth, phone numbers, email addresses, physical addresses, and Social Security numbers (SSNs), with 43,989,219 records containing SSNs. The SSNs and dates of birth, originally encrypted, have now been decrypted, significantly escalating the risk of identity theft, financial fraud, and social engineering attacks.
| AT&T | Breach | 85 | 4 | 3/2024 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: The Vermont Office of the Attorney General reported a data breach involving AT&T on April 9, 2024. The breach occurred on March 26, 2024, when AT&T customer information was included in a dataset released on the dark web on March 17, 2024. The specific number of affected individuals is unknown, but the compromised information may have included full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and AT&T passcodes.
| AT&T | Breach | 85 | 4 | 5/2023 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: The Vermont Office of the Attorney General reported a data breach involving AT&T on July 13, 2023. The breach occurred on or about May 17, 2023, and involved the retention of Personally Identifiable Information (PII) without authorization, including names, addresses, and Social Security numbers. The number of affected individuals is unknown.
| AT&T | Breach | 85 | 4 | 11/2025 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T agreed to a **$177 million class-action settlement** following two alleged data breaches where **sensitive customer data was exposed and released on the dark web**. The breaches compromised personal and financial information, putting millions of customers at risk of identity theft, fraud, and financial loss. Affected individuals were advised to take immediate protective measures, including changing passwords, enabling multi-factor authentication, monitoring accounts for suspicious activity, and reporting potential identity theft to the Federal Trade Commission. The breach underscored the growing frequency and severity of cyber incidents targeting major corporations, highlighting the need for robust data protection and consumer vigilance. AT&T’s settlement reflects the significant financial and reputational consequences of failing to safeguard customer data, while also offering affected users resources like credit monitoring to mitigate long-term harm.
| AT&T | Breach | 85 | 4 | 10/2022 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T faced two major data breaches in 2024, exposing sensitive customer information. The first breach, announced in **March 2024**, compromised data of **73 million current and former account holders**, including **addresses, birthdates, passcodes, billing numbers, phone numbers, and Social Security numbers**, which were found on the dark web. The second breach, in **July 2024**, involved an **illegal download on a third-party cloud platform**, exposing **call and text records of nearly all AT&T cellular customers** (and those using its network) between **May 1 and October 31, 2022**. The breaches led to a **$177 million class-action settlement**, with affected customers eligible for **up to $7,500** in compensation. The exposed data poses severe risks of **identity theft, financial fraud, and privacy violations**, with long-term reputational and operational consequences for AT&T. The settlement awaits final court approval, with claims filed by **November 18, 2025**.
| AT&T | Breach | 85 | 4 | 6/2015 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T faced a significant data breach that exposed sensitive customer information, including names, addresses, and call records, spanning from 2015 to 2023. The breach led to a $177 million settlement, with affected customers eligible for compensation ranging from hundreds to up to $7,500. The exposed data, while not explicitly including financial or highly sensitive personal details like Social Security numbers, still posed substantial privacy risks. Customers were required to file claims via a dedicated settlement website by November 18, 2024, to receive compensation. The breach underscored vulnerabilities in AT&T’s data protection measures, prompting legal action and financial repercussions for the company. The incident highlighted the broader risks of long-term data exposure, even if the immediate financial or operational impact on customers was not explicitly detailed in the report.
| AT&T | Breach | 85 | 4 | 7/2024 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T suffered two major data breaches in **March and July 2024**, exposing sensitive customer information. The **March breach** leaked **Social Security numbers, birthdates, addresses, email IDs, phone numbers, billing account numbers, passcodes**, and other personal data on the dark web. The **July breach** exposed **phone numbers, call logs, interaction counts, call frequencies, and cell site IDs**. Millions of users were affected, with some experiencing **identity theft risks, financial fraud, and reputational harm**. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, depending on the extent of data exposure. The breaches led to **legal action, financial losses for customers, and long-term trust erosion** in the company’s cybersecurity measures.
| AT&T | Breach | 85 | 4 | 6/2024 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T faced two major data breaches in 2024, announced on **March 30** and **July 12**, exposing sensitive customer data. The **March breach** compromised personal information including **names, addresses, phone numbers, emails, dates of birth, account passcodes, billing account numbers, and Social Security numbers** of U.S. customers. The **July breach** involved **telephone numbers of current/former AT&T customers and their interaction records**, potentially exposing call logs and associated metadata. The breaches led to litigation, with AT&T denying wrongdoing but agreeing to a settlement. Eligible victims (Californians and others) can claim **up to $5,000 (March breach) or $2,500 (July breach)** for documented losses, with deadlines set for **November 18, 2025**. The exposed data heightens risks of **identity theft, phishing, financial fraud, and reputational harm**, as sensitive personally identifiable information (PII) and communication records were accessible to unauthorized parties. The incidents underscore systemic vulnerabilities in AT&T’s data security, prompting legal recourse for affected individuals.
| AT&T | Breach | 85 | 4 | 5/2025 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T experienced two distinct cyber incidents leading to a $177 million settlement. The first breach exposed **sensitive personal data** of customers, while the second involved **call and text logs** tied to the Snowflake ecosystem. Affected individuals—current or past customers—may qualify for up to **$7,500** in compensation, split between two funds: **$149M** for compromised personal data and **$28M** for exposed communication logs. Claims require documentation of out-of-pocket losses (e.g., fraud fees, identity protection costs, ID replacement). The breach enabled risks like **identity theft, phishing, and account takeovers**, with telecom data (merging identity and call/text details) being highly sensitive. The extended filing deadline allows more victims to submit claims, but payments depend on claim volume and strength. The settlement underscores the financial and reputational fallout from large-scale data exposures in the telecom sector.
| AT&T | Breach | 85 | 4 | 6/2019 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: In 2019, AT&T suffered a data breach exposing **personal information of 72.6 million people** (7.6M current + 65.4M former customers), including **Social Security numbers, birth dates, and legal names**. The breach was only disclosed in **March 2024** after data surfaced on the dark web. In **April 2024**, a second breach occurred when hackers (linked to **ShinyHunters**) accessed **phone records of 109 million customers** from AT&T’s **Snowflake cloud warehouse**, containing data from 2022. Both breaches led to a **$177M class-action settlement**, with payouts up to **$5,000 (2019 breach)** and **$2,500 (2024 breach)** for documented losses. The incidents triggered **password resets for all affected current customers** and legal repercussions, including arrests of two hackers. The breaches exposed **sensitive customer data on a massive scale**, leading to reputational damage, financial losses, and regulatory scrutiny.
| AT&T | Breach | 85 | 4 | 3/2024 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T experienced two major data breaches in 2024, exposing highly sensitive personal information of millions of customers. The first breach (March 2024) leaked critical data such as Social Security numbers, account passcodes, addresses, phone numbers, emails, and birth dates—enabling potential identity theft and financial fraud. The second breach (July 2024) exposed call records, including phone numbers, contacted numbers, call durations, and cell site IDs, raising privacy concerns. The company faced a $177 million legal settlement, with affected customers eligible for compensation up to $7,500 depending on documented losses. AT&T attributed the breach to illegal downloads from a third-party cloud platform, discovered in April 2024 but disclosed to customers in July after an investigation. The incident underscores systemic vulnerabilities in data protection, leading to financial penalties, reputational damage, and regulatory scrutiny. The settlement awaits final court approval in January 2026.
| AT&T | Breach | 85 | 4 | 3/2024 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T faced two major data breaches in 2024, exposing sensitive customer information. The first incident (March 30, 2024) leaked highly vulnerable data on the dark web, including **names, addresses, phone numbers, email addresses, dates of birth, account passcodes, billing numbers, and Social Security numbers**—enabling identity theft and financial fraud. The second breach (July 12, 2024) involved unauthorized downloads of **call records, interaction frequencies, cell site IDs, and phone numbers**, though less severe. Some customers were affected by both breaches. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, with payouts tied to documented losses and exposure severity. The breaches triggered class-action lawsuits, highlighting systemic security failures. Social Security number exposure—critical for fraud—elevates the incident’s gravity, while call metadata leaks, though less damaging, still pose privacy risks. The settlement reflects the scale of harm, with millions potentially impacted nationwide.
| AT&T | Breach | 85 | 4 | 6/2019 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T faced two major data breaches exposing customers’ personal information. The first, discovered in 2019 but investigated in 2024, compromised data of **7.6 million current and 65.4 million former customers**, including **Social Security numbers, names, and dates of birth**, which later surfaced on the dark web. The second breach occurred in **April 2024**, when hackers infiltrated AT&T’s cloud provider, **Snowflake**, stealing **call and text records of nearly 109 million U.S. customers**, though no names were attached. Two arrests were made in connection with the latter incident. The breaches triggered **multiple class-action lawsuits**, leading to a **$177 million settlement**. Eligible victims can claim up to **$5,000 (2019 breach) or $2,500 (2024 breach)** with proof of damages, while others will receive a share of the remaining funds. Payments are expected to begin in **early 2026** after court approval.
| AT&T | Breach | 85 | 4 | 6/2024 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T faced two major data breaches in 2024 (March and July), exposing **millions of customers' personal information**, including **Social Security numbers, birthdates, and phone records**. The March incident involved leaked AT&T-specific fields on the dark web, while the July breach saw cybercriminals illegally download limited customer data. The breaches left customers vulnerable to **identity theft and fraud**, leading to a **$177 million settlement**—one of the largest in the telecom sector. The settlement covers **current and former customers**, offering compensation (up to **$7,500 per person**), free credit monitoring, and identity theft protection. AT&T denied wrongdoing but agreed to the settlement to avoid litigation, while committing to **enhanced security measures** like improved encryption and monitoring. The case highlights systemic vulnerabilities in telecom security, with regulatory bodies like the **FCC and FTC** likely to impose stricter breach notification rules and penalties.
| AT&T | Breach | 85 | 4 | 6/2022 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T is settling two major data breaches affecting **72.6 million customers** (7.6M current + 65M former) and additional subscribers whose call/text records were compromised. The **first breach (March 2024)** exposed highly sensitive data—including **Social Security numbers, birthdates, addresses, passcodes, and billing details**—on the dark web. The **second breach (disclosed July 2024)** involved hackers infiltrating a cloud platform to steal **six months of call/text metadata (2022)**, including phone numbers, call durations, and cell site information. Victims with documented financial losses can claim up to **$5,000 (first breach)**, **$2,500 (second breach)**, or **$7,500 (both)**. AT&T denies wrongdoing but agreed to a **$177M settlement** to avoid litigation. The breaches triggered class-action lawsuits, with payouts expected post-December 2024 court approval. Customers received emails from **[email protected]** with claim deadlines set for **November 18, 2024**.
| AT&T | Breach | 85 | 4 | 6/2019 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T agreed to a **$177 million class-action settlement** following **two major data breaches in 2024**. The first breach (March 30) exposed **customer addresses, Social Security numbers, and passcodes** on the dark web, affecting **over 7 million 2024 account holders and 65 million customers from 2019–2024**. The second breach (July 12) involved hackers illegally downloading **call and text records**. Victims faced **identity theft**, including unauthorized vehicle purchases, credit card applications, and fraudulent bank accounts registered in their names. Florida plaintiffs reported financial losses and persistent spam attacks. AT&T denied wrongdoing but settled to avoid litigation. Affected customers can claim up to **$7,500** with documented losses, with tiered payouts for those without proof. The breaches led to **widespread reputational damage, financial fraud, and long-term trust erosion** among customers.
| AT&T Mobility, LLC | Breach | 85 | 4 | 4/2014 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: On June 10, 2014, the California Office of the Attorney General reported a data breach involving AT&T Mobility, LLC. The breach occurred between April 9 and April 21, 2014, involving unauthorized access to customer personal identifying information, including Social Security numbers and Customer Proprietary Network Information (CPNI). The exact number of individuals affected is unknown.
| AT&T | Breach | 100 | 4 | 01/2023 | | | |
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: AT&T suffered a data breach after a vendor hack that exposed the data of 9 million customers. The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. The compromised data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. Customer Exclusive Network According to AT&T, information from some wireless accounts, such as the number of lines on an account or wireless rate plan, was made public.
| AT&T | Breach | 100 | 5 | 11/2025 | | | |
Rankiteo Explanation: Attack threatening the organization’s existence
Description: AT&T is facing a $177 million class-action settlement following two alleged data breaches where sensitive customer data was exposed and released on the dark web. The breach involved highly sensitive personal information, including financial details, Social Security numbers, and other critical customer data. The leaked data poses significant risks, such as identity theft, financial fraud, and long-term reputational damage for affected individuals. Customers were advised to change passwords, enable two-factor authentication (2FA), monitor financial transactions, and consider freezing their credit to mitigate potential misuse. The breach underscores the severe consequences of unauthorized access to customer data, particularly when such information is traded or exploited on illicit platforms like the dark web.
| AT&T | Breach | 100 | 5 | 6/2019 | | | |
Rankiteo Explanation: Attack threatening the organization's existence
Description: AT&T suffered two massive data breaches in **2019** and **2024**, compromising nearly **200 million people** combined. The **2019 breach** exposed **Social Security numbers, birth dates, and legal names** of **7.6 million current** and **65.4 million former customers**, discovered only in **2024** when data surfaced on the dark web. The **2024 breach** involved hackers (linked to **ShinyHunters**) accessing **phone records of ~109 million customers** from AT&T’s **Snowflake cloud warehouse**, containing call and text metadata. Both breaches led to a **$177 million class-action settlement**, with payouts up to **$5,000 (2019 victims with documented losses)** and **$2,500 (2024 victims with proof)**. The breaches triggered **password resets for all affected users**, legal action against two arrested hackers, and consolidated lawsuits. The **2019 incident** received **$149 million** in settlements, while the **2024 Snowflake breach** got **$28 million**.
| AT&T | Breach | 100 | 5 | 5/2022 | | | |
Rankiteo Explanation: Attack threatening the organization’s existence
Description: AT&T experienced two major data breaches in 2024. The first, announced on **March 30, 2024**, exposed **73 million accounts** (7.6M current, 65.4M former customers), leaking **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers** on the dark web. The second, disclosed on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* cellular customers and landline interactions from **May 1, 2022 – October 31, 2022** via a third-party cloud platform. While no PII (e.g., SSNs) was compromised in the second breach, federal agencies (FBI, DOJ) delayed public disclosure due to **national security risks**. AT&T settled lawsuits for **$177 million**, with affected customers eligible for up to **$7,500** in compensation. The breaches triggered class-action lawsuits, regulatory scrutiny, and reputational damage, though no evidence suggested public exposure of the second breach’s data.
| AT&T | Breach | 100 | 5 | 10/2022 | | | |
Rankiteo Explanation: Attack threatening the organization's existence
Description: On **March 30, 2024**, AT&T disclosed a massive **data breach** exposing **73 million accounts** (7.6M current + 65.4M former customers). Hackers leaked **dark web datasets** containing **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers**—highly sensitive personal and financial data. A second breach on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* AT&T cellular, MVNO, and landline customers from a **third-party cloud platform** (May–Oct 2022). While no PII was exposed in the second incident, the first breach’s scale and sensitivity triggered **federal investigations**, **national security concerns** (FBI/DOJ delays), and a **$177M class-action settlement** (up to **$7,500 per victim**). The breaches prompted **state/federal lawsuits**, regulatory scrutiny, and reputational damage, with AT&T facing **customer churn risks** and **operational disruptions** from incident response.
| AT&T | Breach | 100 | 5 | 1/2025 | | | |
Rankiteo Explanation: Attack threatening the organization’s existence
Description: The 'Salt Typhoon' hacking campaign compromised AT&T's telecommunications network, allowing unauthorized access to Americans’ phone calls, text messages, and law enforcement wiretap systems. This blatant exploitation of cybersecurity vulnerabilities led to severe consequences, exposing the personal and operational data to potential misuse by nation-state actors. The aftermath of the breach has prompted regulatory proposals to implement basic cyber defenses and enforce cyber risk-management planning to prevent such extensive breaches in the future. This incident highlights the stark need for higher cybersecurity standards within critical infrastructure sectors.
| AT&T | Cyber Attack | 100 | 6 | 08/2022 | | | |
Rankiteo Explanation: Attack threatening the economy of a geographical region
Description: A cybersecurity firm intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. It corresponds to current and former customers of AT&T. It intercepted a 1.6 gigabyte compressed file on a popular dark web file-sharing site. The largest item in the archive is a 3.6 gigabyte file called “dbfull,” and it contains 28.5 million records, including 22.8 million unique email addresses and 23 million unique SSNs. There are no passwords in the database. AT&T Internet is offered in 21 states and nearly all of the records in the database that contain a state designation corresponded to those 21 states; all other states made up just 1.64 percent of the records. The vast majority of records in this database belong to consumers, but almost 13,000 of the entries are for corporate entities.
| AT&T | Ransomware | 85 | 3 | 6/2021 | | | |
Rankiteo Explanation: Attack with significant impact with internal employee data leaks
Description: The Everest ransomware group claimed to have stolen **576,686 personal records** from **AT&T Careers**, the telecom giant’s official job and recruitment platform. The leaked data reportedly includes applicant and employee records, such as resumes, career-related information, and potentially sensitive personal details. The group posted the listing on its dark web leak site on **October 21**, with a **four-day countdown** before public release, restricting access behind a password. While AT&T has not confirmed the breach, the incident follows prior high-profile breaches, including a **2021 ShinyHunters attack** (70M customer records) and a **2025 leak** (86M decrypted SSNs). The Everest group, known for extorting corporations, has previously targeted companies like Coca-Cola and Mailchimp. The breach raises concerns over **employee data security**, potential **phishing risks**, and AT&T’s cybersecurity posture, especially if third-party vendors were involved. Affected individuals are advised to **reset passwords, enable MFA, and monitor financial/credit activity** for signs of misuse.
Description: AT&T faced two major data breaches in 2024, exposing sensitive customer information. The first breach, announced in **March 2024**, compromised data of **73 million current and former account holders**, including **addresses, birthdates, passcodes, billing numbers, phone numbers, and Social Security numbers**, which were found on the dark web. The second breach, in **July 2024**, involved an **illegal download on a third-party cloud platform**, exposing **call and text records of nearly all AT&T cellular customers** (and those using its network) between **May 1 and October 31, 2022**. The breaches led to a **$177 million class-action settlement**, with affected customers eligible for **up to $7,500** in compensation. The exposed data poses severe risks of **identity theft, financial fraud, and privacy violations**, with long-term reputational and operational consequences for AT&T. The settlement awaits final court approval, with claims filed by **November 18, 2025**.
Description: AT&T faced a significant data breach that exposed sensitive customer information, including names, addresses, and call records, spanning from 2015 to 2023. The breach led to a $177 million settlement, with affected customers eligible for compensation ranging from hundreds to up to $7,500. The exposed data, while not explicitly including financial or highly sensitive personal details like Social Security numbers, still posed substantial privacy risks. Customers were required to file claims via a dedicated settlement website by November 18, 2024, to receive compensation. The breach underscored vulnerabilities in AT&T’s data protection measures, prompting legal action and financial repercussions for the company. The incident highlighted the broader risks of long-term data exposure, even if the immediate financial or operational impact on customers was not explicitly detailed in the report.
Description: AT&T suffered two major data breaches in **March and July 2024**, exposing sensitive customer information. The **March breach** leaked **Social Security numbers, birthdates, addresses, email IDs, phone numbers, billing account numbers, passcodes**, and other personal data on the dark web. The **July breach** exposed **phone numbers, call logs, interaction counts, call frequencies, and cell site IDs**. Millions of users were affected, with some experiencing **identity theft risks, financial fraud, and reputational harm**. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, depending on the extent of data exposure. The breaches led to **legal action, financial losses for customers, and long-term trust erosion** in the company’s cybersecurity measures.
Description: AT&T faced two major data breaches in 2024, announced on **March 30** and **July 12**, exposing sensitive customer data. The **March breach** compromised personal information including **names, addresses, phone numbers, emails, dates of birth, account passcodes, billing account numbers, and Social Security numbers** of U.S. customers. The **July breach** involved **telephone numbers of current/former AT&T customers and their interaction records**, potentially exposing call logs and associated metadata. The breaches led to litigation, with AT&T denying wrongdoing but agreeing to a settlement. Eligible victims (Californians and others) can claim **up to $5,000 (March breach) or $2,500 (July breach)** for documented losses, with deadlines set for **November 18, 2025**. The exposed data heightens risks of **identity theft, phishing, financial fraud, and reputational harm**, as sensitive personally identifiable information (PII) and communication records were accessible to unauthorized parties. The incidents underscore systemic vulnerabilities in AT&T’s data security, prompting legal recourse for affected individuals.
Description: AT&T experienced two distinct cyber incidents leading to a $177 million settlement. The first breach exposed **sensitive personal data** of customers, while the second involved **call and text logs** tied to the Snowflake ecosystem. Affected individuals—current or past customers—may qualify for up to **$7,500** in compensation, split between two funds: **$149M** for compromised personal data and **$28M** for exposed communication logs. Claims require documentation of out-of-pocket losses (e.g., fraud fees, identity protection costs, ID replacement). The breach enabled risks like **identity theft, phishing, and account takeovers**, with telecom data (merging identity and call/text details) being highly sensitive. The extended filing deadline allows more victims to submit claims, but payments depend on claim volume and strength. The settlement underscores the financial and reputational fallout from large-scale data exposures in the telecom sector.
Description: In 2019, AT&T suffered a data breach exposing **personal information of 72.6 million people** (7.6M current + 65.4M former customers), including **Social Security numbers, birth dates, and legal names**. The breach was only disclosed in **March 2024** after data surfaced on the dark web. In **April 2024**, a second breach occurred when hackers (linked to **ShinyHunters**) accessed **phone records of 109 million customers** from AT&T’s **Snowflake cloud warehouse**, containing data from 2022. Both breaches led to a **$177M class-action settlement**, with payouts up to **$5,000 (2019 breach)** and **$2,500 (2024 breach)** for documented losses. The incidents triggered **password resets for all affected current customers** and legal repercussions, including arrests of two hackers. The breaches exposed **sensitive customer data on a massive scale**, leading to reputational damage, financial losses, and regulatory scrutiny.
Description: AT&T experienced two major data breaches in 2024, exposing highly sensitive personal information of millions of customers. The first breach (March 2024) leaked critical data such as Social Security numbers, account passcodes, addresses, phone numbers, emails, and birth dates—enabling potential identity theft and financial fraud. The second breach (July 2024) exposed call records, including phone numbers, contacted numbers, call durations, and cell site IDs, raising privacy concerns. The company faced a $177 million legal settlement, with affected customers eligible for compensation up to $7,500 depending on documented losses. AT&T attributed the breach to illegal downloads from a third-party cloud platform, discovered in April 2024 but disclosed to customers in July after an investigation. The incident underscores systemic vulnerabilities in data protection, leading to financial penalties, reputational damage, and regulatory scrutiny. The settlement awaits final court approval in January 2026.
Description: AT&T faced two major data breaches in 2024, exposing sensitive customer information. The first incident (March 30, 2024) leaked highly vulnerable data on the dark web, including **names, addresses, phone numbers, email addresses, dates of birth, account passcodes, billing numbers, and Social Security numbers**—enabling identity theft and financial fraud. The second breach (July 12, 2024) involved unauthorized downloads of **call records, interaction frequencies, cell site IDs, and phone numbers**, though less severe. Some customers were affected by both breaches. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, with payouts tied to documented losses and exposure severity. The breaches triggered class-action lawsuits, highlighting systemic security failures. Social Security number exposure—critical for fraud—elevates the incident’s gravity, while call metadata leaks, though less damaging, still pose privacy risks. The settlement reflects the scale of harm, with millions potentially impacted nationwide.
Description: AT&T faced two major data breaches exposing customers’ personal information. The first, discovered in 2019 but investigated in 2024, compromised data of **7.6 million current and 65.4 million former customers**, including **Social Security numbers, names, and dates of birth**, which later surfaced on the dark web. The second breach occurred in **April 2024**, when hackers infiltrated AT&T’s cloud provider, **Snowflake**, stealing **call and text records of nearly 109 million U.S. customers**, though no names were attached. Two arrests were made in connection with the latter incident. The breaches triggered **multiple class-action lawsuits**, leading to a **$177 million settlement**. Eligible victims can claim up to **$5,000 (2019 breach) or $2,500 (2024 breach)** with proof of damages, while others will receive a share of the remaining funds. Payments are expected to begin in **early 2026** after court approval.
Description: AT&T faced two major data breaches in 2024 (March and July), exposing **millions of customers' personal information**, including **Social Security numbers, birthdates, and phone records**. The March incident involved leaked AT&T-specific fields on the dark web, while the July breach saw cybercriminals illegally download limited customer data. The breaches left customers vulnerable to **identity theft and fraud**, leading to a **$177 million settlement**—one of the largest in the telecom sector. The settlement covers **current and former customers**, offering compensation (up to **$7,500 per person**), free credit monitoring, and identity theft protection. AT&T denied wrongdoing but agreed to the settlement to avoid litigation, while committing to **enhanced security measures** like improved encryption and monitoring. The case highlights systemic vulnerabilities in telecom security, with regulatory bodies like the **FCC and FTC** likely to impose stricter breach notification rules and penalties.
Description: AT&T is settling two major data breaches affecting **72.6 million customers** (7.6M current + 65M former) and additional subscribers whose call/text records were compromised. The **first breach (March 2024)** exposed highly sensitive data—including **Social Security numbers, birthdates, addresses, passcodes, and billing details**—on the dark web. The **second breach (disclosed July 2024)** involved hackers infiltrating a cloud platform to steal **six months of call/text metadata (2022)**, including phone numbers, call durations, and cell site information. Victims with documented financial losses can claim up to **$5,000 (first breach)**, **$2,500 (second breach)**, or **$7,500 (both)**. AT&T denies wrongdoing but agreed to a **$177M settlement** to avoid litigation. The breaches triggered class-action lawsuits, with payouts expected post-December 2024 court approval. Customers received emails from **[email protected]** with claim deadlines set for **November 18, 2024**.
Description: AT&T agreed to a **$177 million class-action settlement** following **two major data breaches in 2024**. The first breach (March 30) exposed **customer addresses, Social Security numbers, and passcodes** on the dark web, affecting **over 7 million 2024 account holders and 65 million customers from 2019–2024**. The second breach (July 12) involved hackers illegally downloading **call and text records**. Victims faced **identity theft**, including unauthorized vehicle purchases, credit card applications, and fraudulent bank accounts registered in their names. Florida plaintiffs reported financial losses and persistent spam attacks. AT&T denied wrongdoing but settled to avoid litigation. Affected customers can claim up to **$7,500** with documented losses, with tiered payouts for those without proof. The breaches led to **widespread reputational damage, financial fraud, and long-term trust erosion** among customers.
Description: On June 10, 2014, the California Office of the Attorney General reported a data breach involving AT&T Mobility, LLC. The breach occurred between April 9 and April 21, 2014, involving unauthorized access to customer personal identifying information, including Social Security numbers and Customer Proprietary Network Information (CPNI). The exact number of individuals affected is unknown.
Description: AT&T suffered a data breach after a vendor was hacked, exposing the data of 9 million customers. The exposed information did not include credit card information, Social Security numbers, account passwords or other sensitive personal information. The compromised data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. According to AT&T, Customer Proprietary Network Information from some wireless accounts, such as the number of lines on an account or the wireless rate plan, was made public.
Description: AT&T is facing a $177 million class-action settlement following two alleged data breaches where sensitive customer data was exposed and released on the dark web. The breach involved highly sensitive personal information, including financial details, Social Security numbers, and other critical customer data. The leaked data poses significant risks, such as identity theft, financial fraud, and long-term reputational damage for affected individuals. Customers were advised to change passwords, enable two-factor authentication (2FA), monitor financial transactions, and consider freezing their credit to mitigate potential misuse. The breach underscores the severe consequences of unauthorized access to customer data, particularly when such information is traded or exploited on illicit platforms like the dark web.
Description: AT&T suffered two massive data breaches in **2019** and **2024**, compromising nearly **200 million people** combined. The **2019 breach** exposed **Social Security numbers, birth dates, and legal names** of **7.6 million current** and **65.4 million former customers**, discovered only in **2024** when data surfaced on the dark web. The **2024 breach** involved hackers (linked to **ShinyHunters**) accessing **phone records of ~109 million customers** from AT&T’s **Snowflake cloud warehouse**, containing call and text metadata. Both breaches led to a **$177 million class-action settlement**, with payouts up to **$5,000 (2019 victims with documented losses)** and **$2,500 (2024 victims with proof)**. The breaches triggered **password resets for all affected users**, legal action against two arrested hackers, and consolidated lawsuits. The **2019 incident** received **$149 million** in settlements, while the **2024 Snowflake breach** got **$28 million**.
Description: AT&T experienced two major data breaches in 2024. The first, announced on **March 30, 2024**, exposed **73 million accounts** (7.6M current, 65.4M former customers), leaking **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers** on the dark web. The second, disclosed on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* cellular customers and landline interactions from **May 1, 2022 – October 31, 2022** via a third-party cloud platform. While no PII (e.g., SSNs) was compromised in the second breach, federal agencies (FBI, DOJ) delayed public disclosure due to **national security risks**. AT&T settled lawsuits for **$177 million**, with affected customers eligible for up to **$7,500** in compensation. The breaches triggered class-action lawsuits, regulatory scrutiny, and reputational damage, though no evidence suggested public exposure of the second breach’s data.
Description: On **March 30, 2024**, AT&T disclosed a massive **data breach** exposing **73 million accounts** (7.6M current + 65.4M former customers). Hackers leaked **dark web datasets** containing **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers**—highly sensitive personal and financial data. A second breach on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* AT&T cellular, MVNO, and landline customers from a **third-party cloud platform** (May–Oct 2022). While no PII was exposed in the second incident, the first breach’s scale and sensitivity triggered **federal investigations**, **national security concerns** (FBI/DOJ delays), and a **$177M class-action settlement** (up to **$7,500 per victim**). The breaches prompted **state/federal lawsuits**, regulatory scrutiny, and reputational damage, with AT&T facing **customer churn risks** and **operational disruptions** from incident response.
Description: The 'Salt Typhoon' hacking campaign compromised AT&T's telecommunications network, allowing unauthorized access to Americans’ phone calls, text messages, and law enforcement wiretap systems. This blatant exploitation of cybersecurity vulnerabilities led to severe consequences, exposing the personal and operational data to potential misuse by nation-state actors. The aftermath of the breach has prompted regulatory proposals to implement basic cyber defenses and enforce cyber risk-management planning to prevent such extensive breaches in the future. This incident highlights the stark need for higher cybersecurity standards within critical infrastructure sectors.
Description: A cybersecurity firm intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. It corresponds to current and former customers of AT&T. It intercepted a 1.6 gigabyte compressed file on a popular dark web file-sharing site. The largest item in the archive is a 3.6 gigabyte file called “dbfull,” and it contains 28.5 million records, including 22.8 million unique email addresses and 23 million unique SSNs. There are no passwords in the database. AT&T Internet is offered in 21 states and nearly all of the records in the database that contain a state designation corresponded to those 21 states; all other states made up just 1.64 percent of the records. The vast majority of records in this database belong to consumers, but almost 13,000 of the entries are for corporate entities.
Description: The Everest ransomware group claimed to have stolen **576,686 personal records** from **AT&T Careers**, the telecom giant’s official job and recruitment platform. The leaked data reportedly includes applicant and employee records, such as resumes, career-related information, and potentially sensitive personal details. The group posted the listing on its dark web leak site on **October 21**, with a **four-day countdown** before public release, restricting access behind a password. While AT&T has not confirmed the breach, the incident follows prior high-profile breaches, including a **2021 ShinyHunters attack** (70M customer records) and a **2025 leak** (86M decrypted SSNs). The Everest group, known for extorting corporations, has previously targeted companies like Coca-Cola and Mailchimp. The breach raises concerns over **employee data security**, potential **phishing risks**, and AT&T’s cybersecurity posture, especially if third-party vendors were involved. Affected individuals are advised to **reset passwords, enable MFA, and monitor financial/credit activity** for signs of misuse.


AT&T has 747.46% more incidents than the average of same-industry companies with at least one recorded incident.
AT&T has 681.25% more incidents than the average of all companies with at least one recorded incident.
AT&T reported 5 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 5 data breaches, compared to industry peers with at least 1 incident.
AT&T cyber incidents detection timeline including parent company and subsidiaries


Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of AT&T is http://www.att.com.
According to Rankiteo, AT&T’s AI-generated cybersecurity score is 125, reflecting their Critical security posture.
According to Rankiteo, AT&T currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, AT&T is not certified under SOC 2 Type 1.
According to Rankiteo, AT&T does not hold a SOC 2 Type 2 certification.
According to Rankiteo, AT&T is not listed as GDPR compliant.
According to Rankiteo, AT&T does not currently maintain PCI DSS compliance.
According to Rankiteo, AT&T is not compliant with HIPAA regulations.
According to Rankiteo, AT&T is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
AT&T operates primarily in the Telecommunications industry.
AT&T employs approximately 177,538 people worldwide.
AT&T presently has no subsidiaries across any sectors.
AT&T’s official LinkedIn profile has approximately 1,591,781 followers.
AT&T is classified under the NAICS code 517, which corresponds to Telecommunications.
Yes, AT&T has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/at-t.
Yes, AT&T maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/att.
As of November 27, 2025, Rankiteo reports that AT&T has experienced 28 cybersecurity incidents.
AT&T has an estimated 9,535 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Breach and Cyber Attack.
Total Financial Loss: The total financial loss from these incidents is estimated to be $9.98 billion.
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with offering one year of free credit monitoring, and incident response plan activated with yes (password resets for 2019 breach; legal settlement for both), and third party assistance with kroll settlement administration (claims processing), third party assistance with law enforcement (arrests made for 2024 breach), and law enforcement notified with yes (two arrests made in connection with 2024 breach), and 2019 breach with password resets for all affected current customers, 2024 breach with none, and remediation measures with $177 million settlement for affected customers, remediation measures with claim submission process via telecomdatasettlement.com, and communication strategy with public disclosures (2024-03 and 2024-07), communication strategy with direct notifications to affected customers via email (class member id), communication strategy with settlement website and helpline (833-890-4930), and incident response plan activated with yes (investigation launched in 2024 for 2019 breach; immediate response to 2024 breach), and law enforcement notified with yes (two arrests made in 2024 breach), and recovery measures with settlement payouts ($177m) and customer notifications, and communication strategy with email/mail notifications to affected customers (starting aug 4, 2025), and incident response plan activated with yes (settlement process initiated), and third party assistance with kroll settlement administration (court-appointed administrator), and recovery measures with settlement funds ($177m) for affected customers, and communication strategy with email notifications ([email protected]) and public announcements via news releases, and incident response plan activated with yes (settlement process initiated), and third party assistance with kroll settlement administration (claims management), and recovery measures with settlement fund ($177m) 
for affected customers, and communication strategy with emails to affected customers, communication strategy with public statements (denying wrongdoing but settling to avoid litigation), communication strategy with settlement website (www.telecomdatasettlement.com), and incident response plan activated with yes (settlement process initiated), and third party assistance with kroll settlement administration (settlement administrator), and recovery measures with settlement claims process for affected individuals, and communication strategy with email notices sent to settlement class members (from [email protected]); settlement website (telecomdatasettlement.com); faqs and contact helpline (833-890-4930), and incident response plan activated with yes (class action settlement process initiated), and third party assistance with kroll settlement administration (claims processing), and recovery measures with settlement payouts to affected customers (up to $7,500 per person), and communication strategy with email notifications via [email protected], settlement website, and customer support hotline (833-890-4930), and communication strategy with public settlement announcement and claim process via www.telecomdatasettlement.com, and incident response plan activated with yes (password resets for 2019 breach; legal coordination for both), and third party assistance with kroll settlement administration (claims management), third party assistance with law firms (class action settlement), and law enforcement notified with yes (two arrests made for 2024 breach), and breach 2019 with password resets for affected current customers, breach 2024 with snowflake access revoked; investigation into credential compromise, and remediation measures with $177m settlement fund, remediation measures with enhanced monitoring (assumed), and recovery measures with class action settlement website (telecomdatasettlement.com), recovery measures with customer notifications via email, and communication 
strategy with public disclosures (2024-03 and 2024-07), communication strategy with dedicated settlement website, communication strategy with customer notifications with class member ids, and enhanced monitoring with likely (not explicitly stated), and incident response plan activated with yes (collaboration with fbi/doj), and law enforcement notified with yes (fbi, doj), and communication strategy with delayed disclosure (national security concerns); customer notifications via email (kroll settlement administration), and third party assistance with kroll settlement administration (claims management), and remediation measures with settlement funds for affected customers, remediation measures with extended claim-filing deadlines, and communication strategy with official notices via email/snail mail ([email protected]), communication strategy with dedicated settlement website, communication strategy with customer support hotline (833-890-4930), and recovery measures with class action settlement ($177 million), and communication strategy with public disclosure and customer advisories (e.g., better business bureau recommendations), and incident response plan activated with yes (collaboration with fbi/doj), and law enforcement notified with yes (fbi, doj involved in delay decision), and communication strategy with public announcements (march 30, july 12, 2024), communication strategy with email notifications via kroll settlement administration, communication strategy with settlement website for claims, and incident response plan activated with yes (settlement process initiated), and third party assistance with kroll settlement administration (claims processing), and recovery measures with settlement payouts to victims, and communication strategy with public disclosure, official settlement website, customer notifications, and incident response plan activated with yes (settlement process initiated), and remediation measures with settlement fund established for affected 
customers, and recovery measures with compensation claims process with deadlines (dec. 18, 2025 for claims; jan. 15, 2026 for final approval hearing), and communication strategy with public settlement announcement; dedicated settlement website for claims, and incident response plan activated with yes (settlement process initiated), and recovery measures with settlement fund of $177 million for affected customers, and communication strategy with public advisories, official settlement website, media coverage (e.g., rolling out, pix11), and incident response plan activated with yes (as part of settlement terms), and third party assistance with kroll settlement administration (managing settlement claims), and remediation measures with improved encryption, remediation measures with enhanced monitoring, and recovery measures with $177 million settlement fund, recovery measures with free credit monitoring and identity theft protection (up to 3 years), recovery measures with reimbursement for documented losses (up to $7,500 per person), and communication strategy with official settlement website (managed by kroll), communication strategy with public awareness campaigns, communication strategy with social media outreach (e.g., x/twitter), and enhanced monitoring with yes (as part of post-breach security overhauls), and remediation measures with class action settlement ($177m), remediation measures with free credit/identity monitoring for affected customers, and communication strategy with public disclosure, communication strategy with customer advisories (password changes, 2fa, credit freezing), communication strategy with website updates with detailed breach information, and incident response plan activated with yes (investigation initiated in april 2024), and communication strategy with customer notifications began in july 2024.
Title: Data Breach of AT&T Customer Information
Description: A cybersecurity firm intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans corresponding to current and former customers of AT&T.
Type: Data Breach
Attack Vector: Dark Web File-Sharing Site
Title: AT&T Data Breach Incident
Description: AT&T suffered from a data breach incident after a vendor hack that exposed 9 million customers' data. The compromised data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. Information from some wireless accounts, such as the number of lines on an account or wireless rate plan, was made public. The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information.
Type: Data Breach
Attack Vector: Vendor Hack
Title: Salt Typhoon Hacking Campaign
Description: The 'Salt Typhoon' hacking campaign compromised AT&T's telecommunications network, allowing unauthorized access to Americans’ phone calls, text messages, and law enforcement wiretap systems. This blatant exploitation of cybersecurity vulnerabilities led to severe consequences, exposing the personal and operational data to potential misuse by nation-state actors. The aftermath of the breach has prompted regulatory proposals to implement basic cyber defenses and enforce cyber risk-management planning to prevent such extensive breaches in the future. This incident highlights the stark need for higher cybersecurity standards within critical infrastructure sectors.
Type: Hacking Campaign
Threat Actor: Nation-state actors
Title: AT&T Data Breach
Description: A massive data breach involving AT&T, with hackers allegedly leaking personal information of 86 million customers.
Date Detected: 2025-05-15
Date Publicly Disclosed: 2025-06-03
Type: Data Breach
Threat Actor: ShinyHunters
Motivation: Data Theft
Title: AT&T Customer Account Breach
Description: The California Office of the Attorney General reported that AT&T experienced unauthorized access to customer accounts between February and July 2014. The breach potentially involved Customer Proprietary Network Information (CPNI), but there is no evidence that Social Security Numbers were compromised. AT&T is offering affected individuals one year of free credit monitoring.
Type: Data Breach
Attack Vector: Unauthorized Access
Title: AT&T Data Breach
Description: The Vermont Office of the Attorney General reported a data breach involving AT&T on April 9, 2024. The breach occurred on March 26, 2024, when AT&T customer information was included in a dataset released on the dark web on March 17, 2024. The specific number of affected individuals is unknown, but the compromised information may have included full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and AT&T passcodes.
Date Detected: 2024-03-26
Date Publicly Disclosed: 2024-04-09
Type: Data Breach
Attack Vector: Dark Web Data Release
Title: AT&T Data Breach
Description: The Vermont Office of the Attorney General reported a data breach involving AT&T on July 13, 2023. The breach occurred on or about May 17, 2023, and involved the retention of Personally Identifiable Information (PII) without authorization, including names, addresses, and Social Security numbers. The number of affected individuals is unknown.
Date Detected: 2023-05-17
Date Publicly Disclosed: 2023-07-13
Type: Data Breach
Title: AT&T Mobility Data Breach
Description: Unauthorized access to customer personal identifying information, including Social Security numbers and Customer Proprietary Network Information (CPNI).
Date Detected: 2014-06-10
Date Publicly Disclosed: 2014-06-10
Type: Data Breach
Attack Vector: Unauthorized Access
Title: AT&T Data Breaches (2019 and 2024)
Description: Two major data breaches at AT&T exposed personal information of nearly 181 million people (72 million in 2019 and 109 million in 2024). The 2019 breach involved Social Security numbers, birth dates, and legal names of 7.6 million current and 65.4 million former customers. The 2024 breach involved phone records from 2022, accessed via Snowflake's cloud-based data warehouse by the hacker group ShinyHunters. AT&T settled a class-action lawsuit for $177 million, with $149 million allocated to the 2019 breach and $28 million to the 2024 breach. Claims are being processed by Kroll Settlement Administration, with deadlines and payouts structured based on documented losses.
Date Detected: 2019 Breach: 2024-03 (disclosed; actual breach occurred in 2019), 2024 Breach: 2024-04 (detected; disclosed in 2024-07)
Date Publicly Disclosed: 2024-03 (2019 breach); 2024-07 (2024 breach)
Type: Data Breach
Attack Vector: 2024 Breach: Compromised credentials in Snowflake cloud-based data warehouse (attributed to ShinyHunters hacker group)
Threat Actor: 2024 Breach: ShinyHunters (hacker group; two associates arrested).
Motivation: 2024 Breach: Financial gain (data exfiltration and potential sale on dark web)
Title: AT&T Data Breaches Settlement (2019 & 2024)
Description: AT&T is paying a $177 million settlement after two data breaches exposed customers’ personal information. The first breach in 2019 exposed data of 73 million current and former customers, including SSNs, names, and dates of birth. The second breach in 2024 involved a hacker accessing call and text records of ~109 million U.S. customers via AT&T’s cloud provider, Snowflake. Two arrests were made in connection with the 2024 breach. Multiple class-action lawsuits followed, leading to a settlement with payouts up to $5,000 (2019 breach) and $2,500 (2024 breach) for proven damages.
Date Detected: 2024 (for 2019 breach investigation); April 2024 (for 2024 breach)
Type: Data Breach
Attack Vector: Dark web data exposure (2019); Cloud storage provider compromise (Snowflake, 2024)
Threat Actor: Unknown (2019 breach); Hacker(s) (2024 breach; two arrested)
Motivation: Financial gain (likely); Data theft/resale
Title: AT&T Data Breaches Settlement for 72.6 Million Customers
Description: AT&T is offering settlements totaling $177 million for two separate data breaches affecting millions of customers. The first breach (March 30, 2024) exposed sensitive data of 72.6 million customers (7.6 million current and 65 million former) on the dark web, including SSNs, birthdates, phone numbers, addresses, billing numbers, and passcodes. The second breach (disclosed July 12, 2024) involved the theft of telephone and text message data (call records, aggregate call duration, and cell site details) from a cloud platform over six months in 2022. Eligible victims can claim up to $7,500 if affected by both breaches, with deadlines set for November 18, 2024. AT&T denies wrongdoing but settled to avoid litigation.
Date Detected: 2024-03-30; 2022-01-01
Date Publicly Disclosed: 2024-03-30; 2024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Leak (First Breach); Cloud Platform Exploitation (Second Breach)
Title: AT&T Data Breaches and $177 Million Settlement (2024)
Description: AT&T agreed to a $177 million class action settlement following two separate data breaches in 2024. The first breach (March 30) exposed customer information—including addresses, Social Security numbers, and passcodes—on the dark web. The second breach (July 12) involved hackers illegally downloading customers' call and text records. Over 73 million people were affected across both incidents (7 million in 2024, 65 million from 2019–2024). The settlement provides tiered compensation (up to $7,500) for documented losses, with claims due by November 18, 2025.
Date Detected: 2024-03-30; 2024-07-12
Date Publicly Disclosed: 2024-03-30; 2024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Dump (March 2024); Unauthorized Data Download (July 2024)
Motivation: Financial Gain (Identity Theft/Fraud); Data Theft for Resale
Title: AT&T Data Breach Settlement (2024)
Description: AT&T faced two separate data breaches announced in 2024, leading to a settlement for affected individuals in the U.S., particularly Californians. The breaches involved exposure of personal data elements, including names, addresses, telephone numbers, email addresses, dates of birth, account passcodes, billing account numbers, Social Security numbers, and telephone interaction records. AT&T denied wrongdoing but established a settlement process administered by Kroll Settlement Administration, allowing eligible individuals to claim financial compensation for documented losses (up to $5,000 for the first breach and $2,500 for the second). The deadline to file claims is November 18, 2025.
Date Publicly Disclosed: 2024-03-30; 2024-07-12
Type: Data Breach
Title: AT&T Data Breach Settlement
Description: AT&T is set to pay a $177 million class action settlement after two alleged data breaches where sensitive customer data was released on the dark web. The first breach affected 73 million current and former account holders, exposing identity information (addresses, birthdates, passcodes, billing numbers, phone numbers, and Social Security numbers) in a dark web dataset. The second breach, four months later, exposed call and text records of nearly all AT&T cellular customers and providers using the AT&T network between May 1 and October 31, 2022, due to an illegal download on a third-party cloud platform.
Date Detected: 2024-03-01; 2024-07-01
Date Publicly Disclosed: 2024-03-01; 2024-07-01
Type: Data Breach
Attack Vector: Dark Web Data Leak (First Breach); Third-Party Cloud Platform Exploitation (Second Breach)
Title: AT&T Data Breach Settlement (2015–2023)
Description: AT&T is paying out a $177 million settlement after a massive data breach exposed customer names, addresses, and call records. Affected customers (2015–2023) may be eligible for compensation up to $7,500. Claims must be filed by November 18 via www.telecomdatasettlement.com.
Type: Data Breach
Title: AT&T Data Breach Exposing Customer Call and Text Records
Description: In March 2024, AT&T experienced a data breach that exposed records of most of its customers' call and text conversations. The stolen information dated back to 2022 and early 2023. The incident highlights the growing frequency and complexity of cyberattacks, particularly in sectors like telecom, where digital transformation and cloud adoption expand the attack surface. Vulnerability management solutions are critical for proactively identifying, prioritizing, and remediating security flaws in IT infrastructure to mitigate risks such as ransomware, zero-day attacks, and phishing campaigns.
Date Publicly Disclosed: 2024-03
Type: Data Breach
Title: AT&T Data Breaches (2019 & 2024)
Description: AT&T was responsible for two of the largest data breaches in history, affecting nearly 200 million people. The breaches occurred in 2019 (involving personal data like Social Security numbers) and 2024 (involving phone records accessed via Snowflake). A $177 million class action settlement was approved in 2025, with payouts for affected individuals.
Date Detected: Breach 2019: 2024-03-01 (disclosed), Breach 2024: 2024-04-01 (detected), 2024-07-01 (disclosed)
Date Publicly Disclosed: Breach 2019: 2024-03-01, Breach 2024: 2024-07-01
Type: Data Breach (2019)
Attack Vector: Breach 2019: Unknown (data found on dark web), Breach 2024: Unauthorized access to Snowflake cloud data warehouse (credential-based attack by ShinyHunters)
Threat Actor: Breach 2019: Unknown, Breach 2024: ShinyHunters (hacker group; two arrests made).
Motivation: Breach 2019: Likely financial (data sold on dark web), Breach 2024: Financial (data exfiltration for sale or ransom)
Title: AT&T Data Breaches (March & July 2024)
Description: On March 30, 2024, AT&T announced its first data breach affecting ~73 million accounts (7.6M current + 65.4M former customers), exposing PII like SSNs, addresses, and passcodes on the dark web. A second breach on July 12, 2024, involved call/text metadata for 'nearly all' cellular customers (May–Oct 2022). Federal agencies delayed public disclosure due to national security concerns. AT&T agreed to a $177M settlement ($149M for the first breach, $28M for the second), with claims due by Nov 18, 2024.
Date Publicly Disclosed: 2024-03-30; 2024-07-12
Type: Data Breach
Attack Vector: Dark Web Leak (March 2024); Third-Party Cloud Platform Compromise (July 2024)
Title: AT&T Data Breach Settlement for Two Cyber Incidents
Description: A $177 million settlement resolves claims from two separate cyber incidents affecting AT&T customers. The first incident involved compromised personal data, while the second exposed call and text logs tied to the Snowflake ecosystem. Affected customers may qualify for payments up to $7,500, with funds divided into a $149 million pool (for personal data breaches) and a $28 million pool (for call/text log exposures). Claims are managed by Kroll Settlement Administration, with deadlines extended by court order.
Type: Data Breach
Title: AT&T Careers Data Leak by Everest Ransomware Group
Description: The Everest ransomware group claims to hold 576,686 personal records linked to AT&T Careers, the telecom giant’s official job and recruitment platform. The listing appeared on October 21, 2025, on the group's dark web leak site, with a password-protected entry and a four-day countdown before public release. The data may include recruitment, applicant, or employee records. AT&T has not yet publicly confirmed or denied the breach.
Date Detected: 2025-10-21
Date Publicly Disclosed: 2025-10-21
Type: Data Breach
Threat Actor: Everest ransomware group
Motivation: Financial extortion; Data theft
Title: AT&T Data Breach Settlement
Description: AT&T is set to pay a $177 million class action settlement after two alleged data breaches where sensitive customer data was released on the dark web. The breaches exposed customer data, prompting advisories for affected individuals to secure their personal information and monitor for identity theft.
Type: Data Breach
Title: AT&T Data Breaches (March & July 2024)
Description: AT&T experienced two major data breaches in 2024. The first, announced on March 30, 2024, affected ~73 million accounts (7.6M current, 65.4M former customers), exposing addresses, Social Security numbers, birthdates, passcodes, billing numbers, and phone numbers via a dark web dataset. The second, announced on July 12, 2024, involved hackers downloading call and text records (excluding content) of 'nearly all' cellular customers and landline interactions from May 1–October 31, 2022, from a third-party cloud platform. Federal agencies (FBI, DOJ) delayed public disclosure due to national security concerns. AT&T agreed to a $177M settlement ($149M for the first breach, $28M for the second), with eligible customers able to claim up to $7,500 in compensation.
Date Publicly Disclosed: 2024-03-30; 2024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Leak (First Breach); Third-Party Cloud Platform Compromise (Second Breach)
Title: AT&T Data Breach Settlement (2024)
Description: AT&T agreed to a $177 million settlement for two major data breaches in 2024 (March and July), exposing millions of customers' sensitive data, including Social Security numbers, birthdates, account details, phone numbers, and call logs. Victims can claim up to $7,500 if filed before November 18, 2025. The settlement covers documented losses, with payouts tiered based on data exposure severity. Claims are processed online or via mail, with payouts expected in 2026 post-court approval.
Date Detected: 2024-03-30; 2024-07-12
Date Publicly Disclosed: 2025-08-01
Type: Data Breach
Title: AT&T Data Breaches (March & July 2024) and $177 Million Settlement
Description: AT&T agreed to a $177 million settlement following two significant data breaches in 2024 that exposed customer information, including Social Security numbers, phone records, and other sensitive data. The settlement addresses class action lawsuits, with eligible customers required to file claims by December 18, 2025, to receive compensation of up to $7,500 for those affected by both breaches. The first breach (March 30, 2024) involved highly sensitive data posted on the dark web, while the second (July 12, 2024) involved unauthorized downloads of call records and phone interaction data. Payments are structured in tiers based on the type of data compromised and documented losses.
Date Detected: 2024-03-30; 2024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Leak (March 2024); Unauthorized Data Download (July 2024)
Threat Actor: Unauthorized Individuals
Motivation: Financial Gain (Potential Identity Theft/Fraud); Data Exfiltration for Resale
Title: AT&T 2024 Data Breaches Settlement
Description: AT&T agreed to pay $177 million to victims of two major 2024 data breaches that exposed sensitive customer data, including Social Security numbers and call records. Affected customers must file claims by December 18, 2025, for compensation, with maximum individual payouts reaching $7,500 for those impacted by both incidents. The settlement is one of the largest in telecom history, reflecting the severity of the breaches and the potential risks to affected individuals.
Date Detected: 2024-03-30; 2024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Leak (March 2024); Third-Party Cloud Platform Exploitation (July 2024)
Title: AT&T Data Breaches Settlement (2024)
Description: AT&T Inc. agreed to pay $177 million to resolve claims from two major data breaches in 2024 that compromised the personal information of millions of customers. The breaches, announced in March and July 2024, exposed sensitive data including Social Security numbers, birthdates, and phone records. The settlement covers individuals affected by either the 'AT&T 1 Data Incident' or the 'AT&T 2 Data Incident,' with claims reaching up to $7,500 per person. The deal includes provisions for free credit monitoring and identity theft protection, alongside commitments to enhance data security measures such as improved encryption and monitoring.
Date Publicly Disclosed: March 2024; July 2024
Type: Data Breach
Vulnerability Exploited: Outdated security protocols; Sophisticated hacking attempts
Title: AT&T Data Breach Settlement
Description: AT&T is set to pay a $177 million class action settlement after two alleged data breaches where sensitive customer data was released on the dark web. The breaches exposed customer information, including highly sensitive personal details like Social Security numbers, financial data, and other personally identifiable information (PII). Customers were advised to change passwords, enable 2FA, monitor financial accounts, and consider freezing their credit if their SSN was compromised. AT&T offered free credit or identity monitoring services to affected individuals.
Type: Data Breach
Motivation: Financial Gain; Data Theft
Title: AT&T Data Breaches (March & July 2024)
Description: AT&T suffered two major data breaches in 2024, exposing personal and call-related data of millions of customers. The breaches led to a $177 million legal settlement, with affected customers eligible for compensation up to $7,500. The first breach (March 2024) exposed highly sensitive personal data, while the second (July 2024) involved call metadata. AT&T attributed the breaches to illegal downloads from a third-party cloud platform. The settlement awaits final court approval in January 2026.
Date Detected: 2024-04
Date Publicly Disclosed: 2024-07
Type: Data Breach
Attack Vector: Third-party cloud platform compromise
Common Attack Types: The most common type of attack the company has faced is Breach.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through: Dark Web File-Sharing Site; 2024 Breach: Compromised Snowflake credentials; Unknown (2019); Snowflake cloud compromise (2024); Dark web dataset (First Breach); Third-party cloud platform (Second Breach); Breach 2019: Unknown (dark web leak); Breach 2024: Compromised Snowflake credentials (likely via ShinyHunters); and Third-party cloud platform.

Data Compromised: Names, Addresses, Email addresses, Phone numbers, Social security numbers, Dates of birth

Data Compromised: Customer first names, Wireless account numbers, Wireless phone numbers, Email addresses, Number of lines on an account, Wireless rate plan

Data Compromised: Phone calls, Text messages, Law enforcement wiretap systems

Data Compromised: Full names, Dates of birth, Phone numbers, Email addresses, Physical addresses, Social security numbers (SSNs)
Identity Theft Risk: High

Data Compromised: Customer proprietary network information (CPNI)

Data Compromised: Full names, Email addresses, Mailing addresses, Phone numbers, Social security numbers, Dates of birth, AT&T account numbers, AT&T passcodes

Data Compromised: Names, Addresses, Social security numbers

Data Compromised: Social security numbers, Customer proprietary network information (CPNI)

Financial Loss: $177 million (settlement amount)
Data Compromised: 2019 Breach: Social Security numbers, birth dates, legal names (7.6M current + 65.4M former customers); 2024 Breach: Phone records from 2022 (109M customers)
Systems Affected: 2024 Breach: Snowflake cloud-based data warehouse.
Operational Impact: Password resets for all affected current customers (2019 breach); High traffic to settlement claim website requiring virtual queue (2024)
Customer Complaints: Class-action lawsuits filed by affected customers
Brand Reputation Impact: Significant (high-profile breaches and prolonged legal proceedings)
Legal Liabilities: $177 million settlement (split: $149M for 2019 breach, $28M for 2024 breach)
Identity Theft Risk: High (Social Security numbers and personal data exposed in 2019 breach)

Financial Loss: $177 million (settlement)
Data Compromised: 7.6M current + 65.4M former customers (2019): SSNs, names, dates of birth; 109M U.S. customers (2024): call and text records (no names attached)
Systems Affected: AT&T customer databases (2019); Snowflake cloud storage (2024)
Customer Complaints: Multiple class-action lawsuits
Brand Reputation Impact: Significant (settlement and public disclosure)
Legal Liabilities: $177M settlement + potential ongoing liabilities
Identity Theft Risk: High (2019 breach: SSNs exposed)

Financial Loss: $177 million (settlement funds: $149M + $28M)
Data Compromised: Social security numbers (SSNs), Birthdates, Phone numbers, Addresses, Billing numbers, Passcodes, Call records (phone numbers, aggregate call duration, cell site details)
Systems Affected: Customer Databases (First Breach); Cloud Platform (Second Breach)
Customer Complaints: Expected (class-action lawsuits filed)
Brand Reputation Impact: Moderate to High (public disclosure, settlements, and potential loss of customer trust)
Legal Liabilities: Class-action lawsuits settled; AT&T denies wrongdoing but agreed to payouts to avoid litigation
Identity Theft Risk: High (SSNs and personal data exposed in first breach)
Payment Information Risk: Moderate (billing numbers and passcodes exposed)

Financial Loss: $177 million (settlement amount)
Data Compromised: Addresses, Social security numbers, Passcodes (March 2024), Call and text records (July 2024)
Customer Complaints: Spam calls/texts/emails; Unauthorized financial transactions (e.g., vehicle purchases, credit card applications)
Brand Reputation Impact: Significant (class action lawsuits, public distrust)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (documented cases of fraud using stolen data)
Payment Information Risk: Indirect (via linked accounts, e.g., Wells Fargo autopay)

Data Compromised: Names, Addresses, Telephone numbers, Email addresses, Dates of birth, Account passcodes, Billing account numbers, Social security numbers, Telephone interaction records (numbers of customers and those they interacted with)
Customer Complaints: Backlash and privacy concerns reported
Brand Reputation Impact: Negative (privacy concerns, legal settlement)
Legal Liabilities: Settlement established for affected individuals; potential fines or legal actions not specified
Identity Theft Risk: High (due to exposure of PII like SSNs, account details)

Financial Loss: $177 million (settlement amount)
Data Compromised: Identity information (addresses, birthdates, passcodes, billing numbers, phone numbers, social security numbers) - first breach; Call and text records (May 1 to October 31, 2022) - second breach
Systems Affected: AT&T customer databases (First Breach); Third-party cloud platform (Second Breach)
Brand Reputation Impact: Significant (class action lawsuit and settlement)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (SSNs and personal data exposed)
Payment Information Risk: Moderate (billing numbers exposed)

Financial Loss: $177 million (settlement payout)
Data Compromised: Customer names, Addresses, Call records
Brand Reputation Impact: Potential reputational damage due to breach and settlement
Legal Liabilities: $177 million settlement
Identity Theft Risk: Possible (due to exposed PII)

Data Compromised: Call records, Text message records
Brand Reputation Impact: High (potential loss of customer trust due to exposure of sensitive communication data)

Financial Loss: $177 million (settlement payout: $149M for 2019 breach, $28M for 2024 breach)
Data Compromised: Breach 2019: 73 million records (7.6M current + 65.4M former customers), Breach 2024: 109 million records (phone records from 2022)
Systems Affected: Breach 2019: AT&T customer databases, Breach 2024: Snowflake cloud data warehouse.
Operational Impact: Password resets for 7.6M current customers (2019); Legal and settlement administration overhead
Customer Complaints: Multiple lawsuits consolidated into class action
Brand Reputation Impact: Significant (one of the largest breaches in history; public distrust)
Legal Liabilities: $177 million settlement + potential regulatory fines
Identity Theft Risk: Breach 2019: High (SSNs, birth dates, legal names exposed), Breach 2024: Moderate (phone records, call logs)

Data Compromised: Addresses, Social security numbers, Birthdates, Passcodes, Billing numbers, Phone numbers, Call/text metadata (May 1, 2022 – Oct 31, 2022)
Systems Affected: Customer Databases; Third-Party Cloud Platform
Brand Reputation Impact: High (Class-action lawsuits, regulatory scrutiny)
Legal Liabilities: $177M settlement (pending court approval)
Identity Theft Risk: High (SSNs, PII exposed)
Payment Information Risk: Low (No payment card data confirmed)

Financial Loss: Up to $7,500 per affected customer (settlement payouts)
Data Compromised: Personal data (e.g., names, contact info), Call and text logs
Revenue Loss: $177 million (settlement cost)
Brand Reputation Impact: High (due to sensitive telecom data exposure and regulatory scrutiny)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (potential for account takeovers, phishing, and identity theft)

Data Compromised: Personal records (576,686), Potential recruitment/applicant/employee data
Systems Affected: AT&T Careers platform (job and recruitment portal)
Brand Reputation Impact: Potential reputational damage due to repeated breaches and lack of immediate public response
Identity Theft Risk: High (if records include PII like resumes, contact details, or SSNs)

Financial Loss: $177 million (settlement amount)
Data Compromised: Sensitive customer data (details unspecified)
Brand Reputation Impact: High (due to public disclosure and settlement)
Legal Liabilities: $177 million class action settlement
Identity Theft Risk: High (customer data exposed on dark web)

Financial Loss: $177 million (settlement total)
Data Compromised: Breach 1: Addresses, Social Security numbers, Birthdates, Passcodes, Billing numbers, Phone numbers; Breach 2: Call records (metadata), Text records (metadata)
Systems Affected: Customer databases (First Breach); Third-party cloud platform (Second Breach)
Customer Complaints: Multiple state/federal lawsuits filed
Brand Reputation Impact: Significant (class-action lawsuits, regulatory scrutiny)
Legal Liabilities: $177 million settlement (pending court approval)
Identity Theft Risk: High (for first breach, due to SSN exposure)
Payment Information Risk: Moderate (billing numbers exposed in first breach)

Financial Loss: $177 million (settlement amount)
Data Compromised: Social Security numbers, Birthdates, Names, Addresses, Email IDs, Phone numbers, Billing account numbers, Account passcodes, Call logs, Interaction counts, Call frequencies, Cell site IDs
Customer Complaints: Millions of affected customers
Brand Reputation Impact: Significant (class-action settlement, public disclosure)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (SSNs, PII exposed)
Payment Information Risk: Moderate (billing account numbers exposed)

Financial Loss: Up to $7,500 per affected individual (settlement payout); total settlement fund: $177 million
Data Compromised: Names, Addresses, Telephone numbers, Email addresses, Dates of birth, Account passcodes, Billing account numbers, Social Security numbers (March 2024 breach), Call records (July 2024 breach), Cell site identification numbers (subset of individuals in July 2024 breach)
Customer Complaints: Class action lawsuits filed; settlement indicates significant customer dissatisfaction
Brand Reputation Impact: High (one of the largest telecommunications data breach settlements in recent years)
Legal Liabilities: $177 million settlement; class action lawsuits consolidated and resolved
Identity Theft Risk: High (Social Security numbers exposed in March 2024 breach)

Financial Loss: $177 million (settlement fund)
Data Compromised: Names, Addresses, Phone numbers, Email addresses, Dates of birth, Account passcodes, Billing numbers, Social Security numbers (SSNs), Call records (telephone numbers interacted with, call frequency, cell site identification numbers)
Systems Affected: AT&T customer databases, Third-party cloud platform (July 2024 breach)
Customer Complaints: Class action lawsuits consolidated in federal court
Brand Reputation Impact: Significant; one of the largest payouts in telecom history, reflecting severe public and legal scrutiny
Legal Liabilities: $177 million settlement, class action lawsuits
Identity Theft Risk: High (due to exposure of SSNs and personal data)
Payment Information Risk: Moderate (billing numbers exposed)

Financial Loss: $177 million (settlement amount)
Data Compromised: Social Security numbers, Birthdates, Phone records, AT&T-specific fields (March breach), Phone numbers (July breach)
Brand Reputation Impact: Significant; public scrutiny and loss of trust
Legal Liabilities: Multidistrict litigation consolidated under Judge Ada E. Brown; one of the largest telecom-related settlements in recent years
Identity Theft Risk: High; exposed data includes sensitive PII vulnerable to identity theft and fraud

Financial Loss: $177 million (settlement amount)
Customer Complaints: Yes
Brand Reputation Impact: High (due to public disclosure and settlement)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (SSNs and financial data exposed)
Payment Information Risk: High (financial data compromised)

Financial Loss: $177 million (settlement)
Data Compromised: Phone numbers, Addresses, Email addresses, Birth dates, Account passcodes, Account numbers, Social Security numbers, Call records (phone numbers, contacted numbers, interaction counts, call durations, cell site IDs)
Systems Affected: Third-party cloud platform
Customer Complaints: High (millions affected)
Brand Reputation Impact: Significant (publicized breaches and settlement)
Legal Liabilities: $177 million settlement + potential individual claims
Identity Theft Risk: High (SSNs and personal data exposed)
Average Financial Loss: The average financial loss per incident is $356.36 million.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are: Names, Addresses, Email Addresses, Phone Numbers, Social Security Numbers, Dates of Birth; Customer First Names, Wireless Account Numbers, Wireless Phone Numbers, Email Addresses, Number of Lines on an Account, Wireless Rate Plan; Phone Calls, Text Messages, Law Enforcement Wiretap Systems; Full Names, Dates of Birth, Phone Numbers, Email Addresses, Physical Addresses, Social Security Numbers (SSNs); Customer Proprietary Network Information (CPNI); Full Names, Email Addresses, Mailing Addresses, Phone Numbers, Social Security Numbers, Dates of Birth, AT&T Account Numbers, AT&T Passcodes; PII; Social Security Numbers, Customer Proprietary Network Information (CPNI); 2019 Breach: Social Security numbers, birth dates, legal names, 2024 Breach: Phone records (2022 data); Personally Identifiable Information (PII): SSNs, Names, Dates of Birth (2019), Call and Text Records (2024, No Names Attached); Personally Identifiable Information (PII), Call Records, Telecommunications Metadata; Personally Identifiable Information (PII), Call/Text Records, Authentication Credentials (Passcodes); Personally Identifiable Information (PII), Account Information, Telephone Interaction Records; Personally Identifiable Information (PII), Call and Text Records; Personally Identifiable Information (PII), Call Records; Call Records, Text Message Metadata; Breach 2019: PII (Social Security numbers, birth dates, legal names), Breach 2024: Phone records (call logs, metadata from 2022); Personally Identifiable Information (PII), Call/Text Metadata; Personal Data (e.g., Names, Contact Info), Call and Text Logs; Personal Records, Recruitment Data, Applicant/Employee Information; Sensitive customer data, Personally Identifiable Information (PII), Telecommunications Metadata; Personally Identifiable Information (PII), Financial Data (Billing Account Numbers), Telecom Metadata (Call Logs, Cell Site IDs); Personally Identifiable Information (PII), Financial Data (Billing Account Numbers), Call Metadata (Phone Numbers, Call Records, Cell Site IDs); Personally Identifiable Information (PII), Call Records and Metadata; Personally Identifiable Information (PII), Social Security Numbers, Birthdates, Phone Records, Phone Numbers; Personally Identifiable Information (PII), Social Security Numbers (SSNs), Financial Data, Email Addresses, Phone Numbers, Medical Information (Potential); Personal Identifiable Information (PII), Call Detail Records (CDR).

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: 21 states in the US
Customers Affected: 23 million

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Customers Affected: 9 million

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecommunications
Customers Affected: 86,017,090

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications

Entity Name: AT&T
Entity Type: Corporation
Industry: Telecommunications

Entity Name: AT&T Mobility, LLC
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States

Entity Name: AT&T
Entity Type: Telecommunications Corporation
Industry: Telecommunications
Location: United States
Size: Large (109M+ customers in 2024 breach)
Customers Affected: 181 million (72M in 2019, 109M in 2024)

Entity Name: Snowflake (2024 breach only)
Entity Type: Cloud Data Warehouse Provider
Industry: Cloud Computing
Location: United States
Customers Affected: 165+ companies targeted by ShinyHunters (including AT&T)

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: United States
Size: Large (millions of customers)
Customers Affected: ~182 million (73M in 2019 + 109M in 2024)

Entity Name: Snowflake (cloud provider)
Entity Type: Third-Party Vendor
Industry: Cloud Computing
Location: United States

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States (Nationwide, including Kansas)
Size: Large (Tens of millions of current/former customers)
Customers Affected: 72.6 million (7.6 million current + 65 million former)

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: United States
Size: Large (millions of customers)
Customers Affected: 73+ million (7M in 2024, 65M from 2019–2024)

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States (primarily affecting Californians)
Customers Affected: All U.S. individuals whose data was included in either breach (specific numbers not provided)

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecommunications
Location: United States
Size: Large (millions of customers)
Customers Affected: 73 million (First Breach), nearly all cellular customers (Second Breach)

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (Fortune 500)
Customers Affected: Customers between 2015 and 2023 (exact number unspecified)

Entity Name: AT&T Inc.
Entity Type: Corporation
Industry: Telecommunications
Location: United States
Size: Large Enterprise
Customers Affected: Most of AT&T's customer base (records dating back to 2022 and early 2023)

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: United States
Size: Large (Fortune 500)
Customers Affected: ~200 million (73M in 2019, 109M in 2024; overlap possible)

Entity Name: Snowflake (2024 breach only)
Entity Type: Cloud Data Warehouse Provider
Industry: Technology
Location: United States
Size: Large
Customers Affected: AT&T's 109M US customers (indirectly)

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: Dallas, Texas, USA
Size: Large (Millions of customers)
Customers Affected: 73,000,000 (March 2024); 'Nearly all' cellular customers (July 2024)

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: United States
Size: Large (multinational corporation)
Customers Affected: Current and past AT&T customers (exact number unspecified)

Entity Name: AT&T
Entity Type: corporation
Industry: telecommunications
Location: United States
Size: large (global enterprise)
Customers Affected: 576,686 (potential applicants/employees)

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: Dallas, Texas, USA
Size: Large (millions of customers)
Customers Affected: ~73 million (first breach), 'nearly all' cellular customers (second breach)

Entity Name: Mobile Virtual Network Operators (MVNOs) using AT&T's network
Entity Type: Telecommunications Providers
Industry: Telecommunications
Location: USA
Customers Affected: Included in second breach

Entity Name: AT&T Landline Customers
Entity Type: Telecommunications Customers
Location: USA
Customers Affected: Interacted with cellular numbers during May 1–October 31, 2022 (second breach)

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecom
Location: United States
Size: Large (millions of customers)
Customers Affected: Millions

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (Millions of customers nationwide)
Customers Affected: Millions (exact number undisclosed)

Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (millions of customers affected)
Customers Affected: Millions (exact number unspecified)

Entity Name: AT&T Inc.
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (millions of customers affected)
Customers Affected: Nearly all of AT&T’s customer base at the time (millions)

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecommunications
Location: United States

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecommunications
Location: United States
Size: Large (millions of customers)
Customers Affected: Millions

Remediation Measures: Offering one year of free credit monitoring

Incident Response Plan Activated: Yes (password resets for 2019 breach; legal settlement for both)
Third Party Assistance: Kroll Settlement Administration (Claims Processing), Law Enforcement (Arrests Made For 2024 Breach).
Law Enforcement Notified: Yes (two arrests made in connection with 2024 breach)
Containment Measures: 2019 Breach: Password resets for all affected current customers
Remediation Measures: $177 million settlement for affected customers, Claim submission process via telecomdatasettlement.com
Communication Strategy: Public disclosures (2024-03 and 2024-07), Direct notifications to affected customers via email (Class Member ID), Settlement website and helpline (833-890-4930)

Incident Response Plan Activated: Yes (investigation launched in 2024 for 2019 breach; immediate response to 2024 breach)
Law Enforcement Notified: Yes (two arrests made in 2024 breach)
Recovery Measures: Settlement payouts ($177M) and customer notifications
Communication Strategy: Email/mail notifications to affected customers (starting Aug 4, 2025)

Incident Response Plan Activated: Yes (settlement process initiated)
Third Party Assistance: Kroll Settlement Administration (court-appointed administrator)
Recovery Measures: Settlement funds ($177M) for affected customers
Communication Strategy: Email notifications ([email protected]) and public announcements via news releases

Incident Response Plan Activated: Yes (settlement process initiated)
Third Party Assistance: Kroll Settlement Administration (claims management)
Recovery Measures: Settlement fund ($177M) for affected customers
Communication Strategy: Emails to affected customers, Public statements (denying wrongdoing but settling to avoid litigation), Settlement website (www.telecomdatasettlement.com)

Incident Response Plan Activated: Yes (settlement process initiated)
Third Party Assistance: Kroll Settlement Administration (settlement administrator)
Recovery Measures: Settlement claims process for affected individuals
Communication Strategy: Email notices sent to settlement class members (from [email protected]); settlement website (telecomdatasettlement.com); FAQs and contact helpline (833-890-4930)

Incident Response Plan Activated: Yes (class action settlement process initiated)
Third Party Assistance: Kroll Settlement Administration (claims processing)
Recovery Measures: Settlement payouts to affected customers (up to $7,500 per person)
Communication Strategy: Email notifications via [email protected], settlement website, and customer support hotline (833-890-4930)

Communication Strategy: Public settlement announcement and claim process via www.telecomdatasettlement.com

Incident Response Plan Activated: Yes (password resets for 2019 breach; legal coordination for both)
Third Party Assistance: Kroll Settlement Administration (Claims Management), Law Firms (Class Action Settlement).
Law Enforcement Notified: Yes (two arrests made for 2024 breach)
Containment Measures: Breach 2019: Password resets for affected current customers; Breach 2024: Snowflake access revoked, investigation into credential compromise
Remediation Measures: $177M settlement fund, Enhanced monitoring (assumed)
Recovery Measures: Class action settlement website (telecomdatasettlement.com), Customer notifications via email
Communication Strategy: Public disclosures (2024-03 and 2024-07), Dedicated settlement website, Customer notifications with Class Member IDs
Enhanced Monitoring: Likely (not explicitly stated)

Incident Response Plan Activated: Yes (Collaboration with FBI/DOJ)
Law Enforcement Notified: Yes (FBI, DOJ)
Communication Strategy: Delayed disclosure (national security concerns); Customer notifications via email (Kroll Settlement Administration)

Third Party Assistance: Kroll Settlement Administration (Claims Management).
Remediation Measures: Settlement funds for affected customers, Extended claim-filing deadlines
Communication Strategy: Official notices via email/snail mail ([email protected]), Dedicated settlement website, Customer support hotline (833-890-4930)

Recovery Measures: Class action settlement ($177 million)
Communication Strategy: Public disclosure and customer advisories (e.g., Better Business Bureau recommendations)

Incident Response Plan Activated: Yes (collaboration with FBI/DOJ)
Law Enforcement Notified: Yes (FBI, DOJ involved in delay decision)
Communication Strategy: Public announcements (March 30, July 12, 2024), Email notifications via Kroll Settlement Administration, Settlement website for claims

Incident Response Plan Activated: Yes (settlement process initiated)
Third Party Assistance: Kroll Settlement Administration (claims processing)
Recovery Measures: Settlement payouts to victims
Communication Strategy: Public disclosure, official settlement website, customer notifications

Incident Response Plan Activated: Yes (settlement process initiated)
Remediation Measures: Settlement fund established for affected customers
Recovery Measures: Compensation claims process with deadlines (Dec. 18, 2025 for claims; Jan. 15, 2026 for final approval hearing)
Communication Strategy: Public settlement announcement; dedicated settlement website for claims

Incident Response Plan Activated: Yes (settlement process initiated)
Recovery Measures: Settlement fund of $177 million for affected customers
Communication Strategy: Public advisories, official settlement website, media coverage (e.g., Rolling Out, PIX11)

Incident Response Plan Activated: Yes (as part of settlement terms)
Third Party Assistance: Kroll Settlement Administration (managing settlement claims)
Remediation Measures: Improved encryption, Enhanced monitoring
Recovery Measures: $177 million settlement fund, Free credit monitoring and identity theft protection (up to 3 years), Reimbursement for documented losses (up to $7,500 per person)
Communication Strategy: Official settlement website (managed by Kroll), Public awareness campaigns, Social media outreach (e.g., X/Twitter)
Enhanced Monitoring: Yes (as part of post-breach security overhauls)

Incident Response Plan Activated: Yes
Remediation Measures: Class action settlement ($177M), Free credit/identity monitoring for affected customers
Communication Strategy: Public disclosure, Customer advisories (password changes, 2FA, credit freezing), Website updates with detailed breach information

Incident Response Plan Activated: Yes (investigation initiated in April 2024)
Communication Strategy: Customer notifications began in July 2024
Incident Response Plan: The company's incident response plan is described as Yes (password resets for 2019 breach; legal settlement for both), Yes (investigation launched in 2024 for 2019 breach; immediate response to 2024 breach), Yes (settlement process initiated), Yes (settlement process initiated), Yes (settlement process initiated), Yes (class action settlement process initiated), Yes (password resets for 2019 breach; legal coordination for both), Yes (Collaboration with FBI/DOJ), Yes (collaboration with FBI/DOJ), Yes (settlement process initiated), Yes (settlement process initiated), Yes (settlement process initiated), Yes (as part of settlement terms), Yes (investigation initiated in April 2024).
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll Settlement Administration (claims processing), Law enforcement (arrests made for 2024 breach), Kroll Settlement Administration (court-appointed administrator), Kroll Settlement Administration (claims management), Kroll Settlement Administration (settlement administrator), Kroll Settlement Administration (claims processing), Kroll Settlement Administration (claims management), Law firms (class action settlement), Kroll Settlement Administration (claims management), Kroll Settlement Administration (claims processing), Kroll Settlement Administration (managing settlement claims).

Type of Data Compromised: Names, Addresses, Email addresses, Phone numbers, Social Security numbers, Dates of birth
Number of Records Exposed: 28.5 million
Sensitivity of Data: High
Data Exfiltration: Yes
File Types Exposed: dbfull
Personally Identifiable Information: Yes

Type of Data Compromised: Customer first names, Wireless account numbers, Wireless phone numbers, Email addresses, Number of lines on an account, Wireless rate plan
Number of Records Exposed: 9 million
Sensitivity of Data: Low
Personally Identifiable Information: Customer first names, Wireless phone numbers, Email addresses

Type of Data Compromised: Phone calls, Text messages, Law enforcement wiretap systems

Type of Data Compromised: Full names, Dates of birth, Phone numbers, Email addresses, Physical addresses, Social Security numbers (SSNs)
Number of Records Exposed: 86,017,090
Sensitivity of Data: High

Type of Data Compromised: Customer proprietary network information (CPNI)

Type of Data Compromised: Full names, Email addresses, Mailing addresses, Phone numbers, Social Security numbers, Dates of birth, AT&T account numbers, AT&T passcodes
Sensitivity of Data: High

Type of Data Compromised: PII
Sensitivity of Data: High
Personally Identifiable Information: Names, Addresses, Social Security numbers

Type of Data Compromised: Social Security numbers, Customer proprietary network information (CPNI)
Sensitivity of Data: High
Personally Identifiable Information: Yes

Type of Data Compromised: 2019 Breach: Social Security numbers, birth dates, legal names; 2024 Breach: Phone records (2022 data)
Number of Records Exposed: 2019 breach: 73 million (7.6M current + 65.4M former customers); 2024 breach: 109 million
Sensitivity of Data: High (PII including SSNs in 2019 breach)
Data Exfiltration: 2019 Breach: Data leaked to dark web (discovered in 2024); 2024 Breach: Yes (via Snowflake compromise)
Personally Identifiable Information: 2019 Breach: Social Security numbers, birth dates, legal names; 2024 Breach: Phone records (potentially linked to PII)

Type of Data Compromised: Personally identifiable information (PII): SSNs, names, dates of birth (2019), Call and text records (2024, no names attached)
Number of Records Exposed: ~182 million (73M in 2019 + 109M in 2024)
Sensitivity of Data: High (SSNs in 2019; metadata in 2024)
Data Exfiltration: Yes (dark web in 2019; Snowflake in 2024)
Personally Identifiable Information: Yes (2019 breach)

Type of Data Compromised: Personally identifiable information (PII), Call records, Telecommunications metadata
Number of Records Exposed: 72.6 million (first breach) + unspecified (second breach, 6 months of call/text data in 2022)
Sensitivity of Data: High (SSNs, passcodes, call records)
Data Exfiltration: Yes (dark web leak for first breach; cloud platform access for second breach)
Personally Identifiable Information: Yes (SSNs, birthdates, addresses, phone numbers)

Type of Data Compromised: Personally identifiable information (PII), Call/text records, Authentication credentials (passcodes)
Number of Records Exposed: 73+ million
Sensitivity of Data: High (SSNs, financial-linked data)
Data Exfiltration: Yes (dark web leaks)
Personally Identifiable Information: Social Security Numbers, Addresses, Passcodes, Call/Text Metadata

Type of Data Compromised: Personally identifiable information (PII), Account information, Telephone interaction records
Sensitivity of Data: High (includes SSNs, account passcodes, and billing details)
Data Exfiltration: Likely (data was 'accessible' in the breach)
Personally Identifiable Information: Yes (names, addresses, telephone numbers, email addresses, dates of birth, SSNs, account passcodes, billing account numbers)

Type of Data Compromised: Personally identifiable information (PII), Call and text records
Number of Records Exposed: 73 million (First Breach), Nearly all AT&T cellular customers (Second Breach)
Sensitivity of Data: High (SSNs, call/text records)
Data Exfiltration: Yes (dark web and third-party cloud download)
File Types Exposed: Customer databases (First Breach), Call/text logs (Second Breach)
Personally Identifiable Information: Yes (addresses, birthdates, passcodes, SSNs, phone numbers)

Type of Data Compromised: Personally identifiable information (PII), Call records
Sensitivity of Data: High (includes names, addresses, call records)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (names, addresses)

Type of Data Compromised: Call records, Text message metadata
Sensitivity of Data: High (includes potentially sensitive communication metadata)
Data Exfiltration: Yes

Type of Data Compromised: Breach 2019: PII (Social Security numbers, birth dates, legal names); Breach 2024: Phone records (call logs, metadata from 2022)
Number of Records Exposed: 2019 breach: 73,000,000; 2024 breach: 109,000,000
Sensitivity of Data: Breach 2019: High (SSNs, full names, birth dates); Breach 2024: Moderate (phone records, no financial data)
Data Exfiltration: Breach 2019: Yes (data found on dark web); Breach 2024: Yes (accessed via Snowflake)
File Types Exposed: Breach 2019: Database records (structured); Breach 2024: Call detail records (CDRs), logs
Personally Identifiable Information: Breach 2019: Yes (SSNs, names, birth dates); Breach 2024: Indirect (phone numbers, call metadata)

Type of Data Compromised: Personally identifiable information (PII), Call/text metadata
Number of Records Exposed: 73,000,000 (March 2024), 'Nearly all' cellular customers (July 2024)
Sensitivity of Data: High (SSNs, PII)
Data Exfiltration: Yes (Dark web leak; third-party cloud download)
Personally Identifiable Information: Social Security Numbers, Addresses, Birthdates, Phone Numbers

Type of Data Compromised: Personal data (e.g., names, contact info), Call and text logs
Sensitivity of Data: High (telecom data linked to identity theft risks)
Data Exfiltration: Yes (confirmed in both incidents)
Personally Identifiable Information: Yes

Type of Data Compromised: Personal records, Recruitment data, Applicant/employee information
Number of Records Exposed: 576,686
Sensitivity of Data: High (potentially includes resumes, PII, career-related documents)
Data Exfiltration: Claimed by Everest ransomware group
Personally Identifiable Information: Likely (e.g., names, contact details, resumes, possibly SSNs)

Type of Data Compromised: Sensitive customer data
Sensitivity of Data: High (personally identifiable information likely included)
Data Exfiltration: Yes (data released on the dark web)
Personally Identifiable Information: Likely (based on context)

Type of Data Compromised: Personally identifiable information (PII), Telecommunications metadata
Number of Records Exposed: ~73 million (first breach), 'Nearly all' cellular customers (second breach)
Sensitivity of Data: High (SSNs, passcodes in first breach; call/text metadata in second)
Data Exfiltration: Yes (dark web dataset in first breach; third-party cloud in second)
Personally Identifiable Information: Social Security numbers, Addresses, Birthdates, Phone numbers

Type of Data Compromised: Personally identifiable information (PII), Financial data (billing account numbers), Telecom metadata (call logs, cell site IDs)
Number of Records Exposed: Millions
Sensitivity of Data: High (SSNs, PII, account credentials)
Data Exfiltration: Yes (data appeared on dark web)
Personally Identifiable Information: Social Security numbers, Names, Addresses, Birthdates, Email IDs, Phone numbers, Account passcodes

Type of Data Compromised: Personally identifiable information (PII), Financial data (billing account numbers), Call metadata (phone numbers, call records, cell site IDs)
Number of Records Exposed: Millions (exact number undisclosed)
Sensitivity of Data: High (Social Security numbers, call records, and financial data exposed)
Data Exfiltration: Yes (data appeared on dark web in March 2024; unauthorized downloads in July 2024)
Personally Identifiable Information: Yes (names, addresses, SSNs, dates of birth, etc.)

Type of Data Compromised: Personally identifiable information (PII), Call records and metadata
Number of Records Exposed: Millions (exact number unspecified)
Sensitivity of Data: High (includes SSNs, call records, and account details)
Data Exfiltration: Yes (data appeared on the dark web in March 2024; call records downloaded in July 2024)
Personally Identifiable Information: Names, Addresses, Phone numbers, Email addresses, Dates of birth, Account passcodes, Social Security numbers (SSNs)

Type of Data Compromised: Personally identifiable information (PII), Social Security numbers, Birthdates, Phone records, Phone numbers
Number of Records Exposed: Millions (nearly all of AT&T’s customer base)
Sensitivity of Data: High (includes SSNs and other PII)
Data Exfiltration: Yes (data leaked on dark web in March; illegally downloaded in July)
Data Encryption: Likely inadequate (as part of outdated security protocols)
Personally Identifiable Information: Yes (SSNs, birthdates, phone records, etc.)

Type of Data Compromised: Personally identifiable information (PII), Social Security numbers (SSNs), Financial data, Email addresses, Phone numbers, Medical information (potential)
Sensitivity of Data: High (includes SSNs, financial data)

Type of Data Compromised: Personal identifiable information (PII), Call detail records (CDR)
Number of Records Exposed: Millions
Sensitivity of Data: High (SSNs, account passcodes, call metadata)
Data Exfiltration: Yes
Personally Identifiable Information: Names, Addresses, Phone numbers, Emails, Birth dates, Account passcodes, Account numbers, Social Security numbers
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offering one year of free credit monitoring; $177 million settlement for affected customers, Claim submission process via telecomdatasettlement.com; $177M settlement fund, Enhanced monitoring (assumed); Settlement funds for affected customers, Extended claim-filing deadlines; Settlement fund established for affected customers, Improved encryption, Enhanced monitoring; Class action settlement ($177M), Free credit/identity monitoring for affected customers.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following: 2019 breach: password resets for all affected current customers; 2019 breach: password resets for affected current customers; 2024 breach: Snowflake access revoked and investigation into credential compromise.

Data Exfiltration: 2019 breach: Yes (data found on dark web); 2024 breach: Yes (via Snowflake)

Data Exfiltration: Yes (first breach: dark web; second breach: cloud platform)

Data Exfiltration: Yes (but not ransomware-related)

Data Exfiltration: 2019 breach: Yes (dark web sale); 2024 breach: Yes (accessed via Snowflake)

Ransomware Strain: Everest
Data Exfiltration: Claimed (576,686 records)

Data Exfiltration: Yes (data released on the dark web)

Data Exfiltration: Yes (second breach via third-party cloud)

Data Exfiltration: Yes (data appeared on dark web)

Data Exfiltration: Yes
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Settlement payouts ($177M) and customer notifications, Settlement funds ($177M) for affected customers, Settlement fund ($177M) for affected customers, Settlement claims process for affected individuals, Settlement payouts to affected customers (up to $7,500 per person), Class action settlement website (telecomdatasettlement.com), Customer notifications via email, Class action settlement ($177 million), Settlement payouts to victims, Compensation claims process with deadlines (Dec. 18, 2025 for claims; Jan. 15, 2026 for final approval hearing), Settlement fund of $177 million for affected customers, $177 million settlement fund, Free credit monitoring and identity theft protection (up to 3 years), Reimbursement for documented losses (up to $7,500 per person).

Legal Actions: Class-action lawsuits consolidated and settled for $177 million

Fines Imposed: $177 million (settlement)
Legal Actions: Class-action lawsuits (two consolidated cases)

Legal Actions: Class-action lawsuits settled (no admission of wrongdoing)

Fines Imposed: $177 million (settlement, not regulatory fine)
Legal Actions: Class action lawsuits (consolidated)

Legal Actions: Class-action lawsuit leading to settlement

Legal Actions: Class action lawsuit settled for $177 million

Legal Actions: Class-action settlement ($177 million)

Legal Actions: Class action lawsuits consolidated (settled for $177M), Two arrests for 2024 breach

Fines Imposed: $177M settlement (proposed)
Legal Actions: Class-action lawsuits (two consolidated cases)
Regulatory Notifications: FBI, DOJ (collaborative delay for national security)

Fines Imposed: $177 million (settlement, not a fine)
Legal Actions: Class-action lawsuit settlement

Fines Imposed: $177 million (settlement, not a fine)
Legal Actions: Class action lawsuit

Fines Imposed: $177 million (settlement, not a fine)
Legal Actions: Class-action lawsuits (two consolidated cases), Federal/state lawsuits
Regulatory Notifications: Delayed per FBI/DOJ request (national security concerns)

Fines Imposed: $177 million (settlement)
Legal Actions: Class-action lawsuit settled

Fines Imposed: $177 million settlement (not a fine, but compensation for affected customers)
Legal Actions: Class action lawsuits filed and consolidated; settlement agreed upon

Legal Actions: Class action lawsuits consolidated in federal court; settlement approved pending final hearing (January 15, 2026)

Fines Imposed: $177 million (settlement amount, not a fine)
Legal Actions: Class-action lawsuit; multidistrict litigation

Fines Imposed: $177 million (settlement, not a fine)
Legal Actions: Class action lawsuit

Fines Imposed: $177 million (settlement)
Legal Actions: Class-action lawsuit settled
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class-action lawsuits consolidated and settled for $177 million, Class-action lawsuits (two consolidated cases), Class-action lawsuits settled (no admission of wrongdoing), Class action lawsuits (consolidated), Class-action lawsuit leading to settlement, Class action lawsuit settled for $177 million, Class-action settlement ($177 million), Class action lawsuits consolidated (settled for $177M), Two arrests for 2024 breach, Class-action lawsuits (two consolidated cases), Class-action lawsuit settlement, Class action lawsuit, Class-action lawsuits (two consolidated cases), Federal/state lawsuits, Class-action lawsuit settled, Class action lawsuits filed and consolidated; settlement agreed upon, Class action lawsuits consolidated in federal court; settlement approved pending final hearing (January 15, 2026), Class-action lawsuit; multidistrict litigation, Class action lawsuit, Class-action lawsuit settled.

Lessons Learned: The need for higher cybersecurity standards within critical infrastructure sectors.

Lessons Learned: The incident underscores the critical need for robust vulnerability management, particularly in sectors like telecommunications where digital transformation and cloud adoption expand the attack surface. Proactive measures such as real-time monitoring, timely patching (e.g., Microsoft's Patch Tuesday updates addressing 111 vulnerabilities in August 2025), and investment in advanced threat detection are essential to mitigate risks from zero-day flaws, ransomware, and phishing campaigns. Organizations must prioritize scalability, automation (e.g., AI/ML-driven prioritization), and integration with SIEM/SOAR systems to enhance remediation performance and compliance efficiency.

Lessons Learned: Delayed disclosure (2019 breach revealed 5 years later) erodes trust. Third-party risks (Snowflake) require stricter access controls and monitoring. Proactive password resets can mitigate post-breach risks. Class action settlements are costly but necessary for large-scale breaches.

Lessons Learned: Telecom data breaches can have severe privacy implications, including identity theft and phishing risks. Proactive customer compensation and transparent communication are critical for mitigating reputational and financial damage.

Lessons Learned: The settlement highlights the critical need for stronger data security measures, corporate accountability, and proactive customer protection in the digital age. The scale of the payout underscores the growing legal and financial risks associated with data breaches, particularly when sensitive information like SSNs is exposed.

Lessons Learned: Legacy systems in telecommunications are highly vulnerable to sophisticated cyber threats. Proactive investments in zero-trust architectures and AI-driven threat detection are critical. Settlements, while costly, may not fully deter negligence if penalties are proportionally small compared to corporate revenues. Public awareness campaigns are essential to ensure affected individuals file claims.

Lessons Learned: Immediate password changes and 2FA enablement are critical post-breach. Proactive financial monitoring and credit freezing mitigate identity theft risks. Companies should provide clear, detailed breach notifications to guide customer actions. Free monitoring services help victims detect fraud early. Follow-up scams targeting breach victims are common; verification of communications is essential.

Lessons Learned: Importance of securing third-party cloud platforms, timely customer notification, and proactive legal settlement to avoid prolonged litigation.

Recommendations: Implement basic cyber defenses and enforce cyber risk-management planning.

Recommendations: Implement **real-time vulnerability monitoring** and **automated patch management** to reduce exposure to zero-day and known vulnerabilities. Adopt **cloud-native vulnerability management solutions** for scalability and ease of deployment, especially in distributed IT environments. Prioritize **AI/ML-driven threat prioritization** to focus remediation efforts on high-risk vulnerabilities (e.g., those exploited within 24–48 hours). Enhance **integration with SIEM/SOAR platforms** to streamline incident response and reduce patch turnaround time. Invest in **managed vulnerability services** for SMEs and organizations lacking in-house expertise, particularly in high-risk sectors like healthcare and telecom. Strengthen **compliance frameworks** (e.g., ISO 27001, GDPR, HIPAA) by aligning vulnerability management with regulatory requirements to reduce non-compliance incidents. Conduct **regular exploitability assessments** to track the average time from vulnerability discovery to exploitation and prioritize remediation accordingly. Expand **attack surface visibility** to include emerging technologies (e.g., IoT, cloud, remote work tools) that introduce new vulnerabilities.

Recommendations: Implement zero-trust architecture for third-party cloud providers. Enhance dark web monitoring for leaked credentials/data. Accelerate breach disclosure timelines to comply with regulations and maintain transparency. Conduct regular audits of third-party vendor security practices. Offer credit monitoring for victims of PII exposure.

Recommendations: File claims promptly with Kroll Settlement Administration to maximize payout eligibility. Document out-of-pocket losses (e.g., credit monitoring, fraud fees) to strengthen claims. Monitor official communications ([email protected]) and avoid phishing scams. Advocate for stronger data protection measures in the telecom industry.

Recommendations: Change AT&T account passwords and avoid reuse elsewhere. Enable multi-factor authentication (MFA) on all accounts. Monitor financial statements, credit files, and communications for suspicious activity. Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'. Follow official AT&T channels for notifications, not unsolicited links. AT&T should investigate third-party vendor risks as a potential breach source.

Recommendations: Verify breach notifications directly with the company to avoid scams. Change passwords for affected accounts and enable multi-factor authentication (MFA). Monitor bank statements, credit card activity, and credit reports for suspicious activity. Consider placing a credit freeze or fraud alert with credit bureaus. Report identity theft to the Federal Trade Commission (IdentityTheft.gov). Take advantage of free credit monitoring or identity protection services if offered by the breached company.

Recommendations: Customers should file claims before the Dec. 18, 2025 deadline to receive compensation. Affected individuals should monitor for identity theft and fraud due to exposed SSNs. AT&T should enhance data protection measures to prevent future breaches.

Recommendations: Enhance data encryption and access controls, especially for third-party cloud platforms. Implement stricter monitoring for dark web leaks and unauthorized data access. Improve incident response transparency and timeliness in public disclosures. Provide affected customers with long-term identity theft protection and credit monitoring services. Strengthen compliance with data protection regulations to mitigate future legal and financial risks.

Recommendations: Telecom firms should prioritize upgrading security protocols to prevent similar breaches. Implement stricter breach notification timelines and regulatory compliance measures. Invest in AI-driven threat detection and zero-trust architectures. Enhance customer communication and support during and after breaches. Monitor dark web activity for leaked corporate data proactively.

Recommendations: Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected. Enable 2FA on all critical accounts to reduce the risk of unauthorized access. Monitor financial accounts for suspicious activity for at least several months post-breach. Freeze credit if SSNs or highly sensitive data are exposed. Accept free monitoring services offered by the breached company. Be vigilant against phishing scams impersonating the breached company or offering 'help'. Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.

Recommendations: Enhance third-party vendor security assessments; implement stricter access controls for cloud-stored data; improve incident response timelines for public disclosure; prioritize customer compensation and transparency.
Key Lessons Learned: The key lessons learned from past incidents are: The need for higher cybersecurity standards within critical infrastructure sectors. The incident underscores the critical need for robust vulnerability management, particularly in sectors like telecommunications where digital transformation and cloud adoption expand the attack surface. Proactive measures such as real-time monitoring, timely patching (e.g., Microsoft's Patch Tuesday updates addressing 111 vulnerabilities in August 2025), and investment in advanced threat detection are essential to mitigate risks from zero-day flaws, ransomware, and phishing campaigns. Organizations must prioritize scalability, automation (e.g., AI/ML-driven prioritization), and integration with SIEM/SOAR systems to enhance remediation performance and compliance efficiency. Delayed disclosure (2019 breach revealed 5 years later) erodes trust. Third-party risks (Snowflake) require stricter access controls and monitoring. Proactive password resets can mitigate post-breach risks. Class action settlements are costly but necessary for large-scale breaches. Telecom data breaches can have severe privacy implications, including identity theft and phishing risks. Proactive customer compensation and transparent communication are critical for mitigating reputational and financial damage. The settlement highlights the critical need for stronger data security measures, corporate accountability, and proactive customer protection in the digital age. The scale of the payout underscores the growing legal and financial risks associated with data breaches, particularly when sensitive information like SSNs is exposed. Legacy systems in telecommunications are highly vulnerable to sophisticated cyber threats. Proactive investments in zero-trust architectures and AI-driven threat detection are critical. Settlements, while costly, may not fully deter negligence if penalties are proportionally small compared to corporate revenues. Public awareness campaigns are essential to ensure affected individuals file claims. Immediate password changes and 2FA enablement are critical post-breach. Proactive financial monitoring and credit freezing mitigate identity theft risks. Companies should provide clear, detailed breach notifications to guide customer actions. Free monitoring services help victims detect fraud early. Follow-up scams targeting breach victims are common; verification of communications is essential. Importance of securing third-party cloud platforms, timely customer notification, and proactive legal settlement to avoid prolonged litigation.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement basic cyber defenses and enforce cyber risk-management planning; telecom firms should prioritize upgrading security protocols to prevent similar breaches; conduct regular audits of third-party vendor security practices; accelerate breach disclosure timelines to comply with regulations and maintain transparency; enhance customer communication and support during and after breaches; implement zero-trust architecture for third-party cloud providers; implement stricter breach notification timelines and regulatory compliance measures; monitor dark web activity for leaked corporate data proactively; invest in AI-driven threat detection and zero-trust architectures; offer credit monitoring for victims of PII exposure; and enhance dark web monitoring for leaked credentials/data.

Source: AT&T Data Breach

Source: California Office of the Attorney General

Source: Vermont Office of the Attorney General
Date Accessed: 2024-04-09

Source: Vermont Office of the Attorney General
Date Accessed: 2023-07-13

Source: California Office of the Attorney General
Date Accessed: 2014-06-10

Source: AT&T Data Incident Settlement Website

Source: CNET

Source: Reuters

Source: AP (Associated Press)

Source: Telecom Data Settlement Website

Source: Kroll Settlement Administration News Release
Date Accessed: 2024-10 (per article)

Source: USA TODAY
URL: https://www.usatoday.com/story/tech/2024/XX/XX/att-data-breach-settlement-how-file-claim/XXXXX/

Source: Kroll Settlement Administration

Source: The Desert Sun (Gannett)

Source: Kroll Settlement Administration FAQs

Source: Newsworthy (via article snippet)

Source: AT&T Settlement Website

Source: Rossen Reports (Good Morning America)

Source: YouTube (Advertisement/Report)

Source: SNS Insider - Vulnerability Management Market Report
URL: https://www.snsinsider.com/sample-request/8470
Date Accessed: 2025-09-30

Source: Microsoft Patch Tuesday Update (August 2025)
Date Accessed: 2025-08

Source: AT&T Data Breach Disclosure (March 2024)
Date Accessed: 2024-03

Source: CNET

Source: US District Court (Northern District of Texas)

Source: Kroll Settlement Administration

Source: AT&T Press Release (March 30, 2024)

Source: AT&T Press Release (July 12, 2024)

Source: FBI Statement on Disclosure Delay

Source: Kroll Settlement Administration (Claims Portal)

Source: AT&T Data Incident Settlement Official Website (Kroll Settlement Administration)

Source: Federal Trade Commission (FTC) Warnings on Telecom Data Misuse

Source: Everest ransomware group dark web leak site
Date Accessed: 2025-10-21

Source: Better Business Bureau (BBB)
URL: https://www.bbb.org/article/news-releases/25677-how-to-protect-your-information-after-a-data-breach

Source: AT&T Class Action Settlement News

Source: AT&T Press Release (March 30, 2024)

Source: AT&T Press Release (July 12, 2024)

Source: FBI Statement on Disclosure Delay

Source: Kroll Settlement Administration (AT&T Data Breach Settlement)

Source: AT&T Data Breach Settlement Official Site

Source: Kroll Settlement Administration

Source: AT&T Data Incident Settlement Claim Form

Source: Class Action Lawsuit Documents (Consolidated Federal Lawsuits)

Source: Rolling Out

Source: PIX11

Source: AT&T Data Incident Settlement Website

Source: United States District Court for the Northern District of Texas

Source: Kroll Settlement Administration (Official Settlement Website)

Source: The Economic Times

Source: Top Class Actions

Source: NBC DFW

Source: CBS News

Source: KTVU FOX 2

Source: AfroTech

Source: Business Insider

Source: AP News

Source: Altitudes Magazine

Source: Yahoo News

Source: WORLDSTARHIPHOP (X/Twitter)

Source: CT Insider

Source: MSN

Source: USA TODAY

Source: Data Doctors (article referenced in description)

Source: Kroll Settlement Administration

Source: U.S. District Court for the Northern District of Texas
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: AT&T Data Breach; California Office of the Attorney General; Vermont Office of the Attorney General (accessed 2024-04-09); Vermont Office of the Attorney General (accessed 2023-07-13); California Office of the Attorney General (accessed 2014-06-10); CNET (URL: https://www.cnet.com); AT&T Data Incident Settlement Website (URL: https://telecomdatasettlement.com); CNET; Reuters; AP (Associated Press); Topeka Capital-Journal (URL: https://www.cjonline.com); Telecom Data Settlement Website (URL: https://www.TelecomDataSettlement.com); Kroll Settlement Administration News Release (accessed 2024-10, per article); USA TODAY (URL: https://www.usatoday.com/story/tech/2024/XX/XX/att-data-breach-settlement-how-file-claim/XXXXX/); Kroll Settlement Administration (URL: https://www.telecomdatasettlement.com); The Desert Sun (Gannett); Kroll Settlement Administration FAQs (URL: https://telecomdatasettlement.com); Newsworthy (via article snippet); AT&T Settlement Website; Rossen Reports (Good Morning America) (URL: https://www.telecomdatasettlement.com); YouTube (Advertisement/Report); SNS Insider - Vulnerability Management Market Report (URL: https://www.snsinsider.com/sample-request/8470; accessed 2025-09-30); Microsoft Patch Tuesday Update (August 2025) (accessed 2025-08); AT&T Data Breach Disclosure (March 2024) (accessed 2024-03); CNET (URL: https://www.cnet.com/tech/mobile/att-data-breach-settlement-how-to-file-a-claim-and-how-much-you-could-get/); US District Court (Northern District of Texas); Kroll Settlement Administration (URL: https://telecomdatasettlement.com); AT&T Press Release (March 30, 2024); AT&T Press Release (July 12, 2024); FBI Statement on Disclosure Delay; Kroll Settlement Administration (Claims Portal); AT&T Data Incident Settlement Official Website (Kroll Settlement Administration); Federal Trade Commission (FTC) Warnings on Telecom Data Misuse; Hackread.com (URL: https://www.hackread.com; accessed 2025-10-21); Everest ransomware group dark web leak site (accessed 2025-10-21); Better Business Bureau (BBB) (URL: https://www.bbb.org/article/news-releases/25677-how-to-protect-your-information-after-a-data-breach); AT&T Class Action Settlement News; AT&T Press Release (March 30, 2024); AT&T Press Release (July 12, 2024); FBI Statement on Disclosure Delay; Kroll Settlement Administration (AT&T Data Breach Settlement); AT&T Data Breach Settlement Official Site; Kroll Settlement Administration; AT&T Data Incident Settlement Claim Form; Class Action Lawsuit Documents (Consolidated Federal Lawsuits); Rolling Out; PIX11; AT&T Data Incident Settlement Website; United States District Court for the Northern District of Texas; Kroll Settlement Administration (Official Settlement Website); The Economic Times; Top Class Actions; NBC DFW; CBS News; KTVU FOX 2; AfroTech; Business Insider; AP News; Altitudes Magazine; Yahoo News; WORLDSTARHIPHOP (X/Twitter); CT Insider; MSN; USA TODAY; Data Doctors (article referenced in description); Kroll Settlement Administration; U.S. District Court for the Northern District of Texas.

Investigation Status: Ongoing (settlement approval hearing scheduled for 2025-12-03; two arrests made for 2024 breach)

Investigation Status: Ongoing (settlement pending final court approval on Dec 3, 2025)

Investigation Status: Ongoing (settlement approval hearing scheduled for December 3, 2024)

Investigation Status: Settled (class action)

Investigation Status: Settlement process ongoing; final approval hearing scheduled for December 3, 2024 (Texas)

Investigation Status: Ongoing (settlement pending court approval on 2025-12-03)

Investigation Status: Settled (compensation phase)

Investigation Status: Closed (settlement approved; two arrests for 2024 breach)

Investigation Status: Ongoing (Settlement pending court approval on Dec 3, 2024)

Investigation Status: Settled (pending final court approval and claim reviews)

Investigation Status: Unverified by AT&T; under monitoring by Hackread.com

Investigation Status: Ongoing (settlement pending court approval on Dec. 3, 2024)

Investigation Status: Settled (awaiting court approval for payouts)

Investigation Status: Settlement agreed; final approval hearing scheduled for Jan. 15, 2026

Investigation Status: Settlement agreed; final approval hearing scheduled for January 15, 2026. Payments expected to begin distribution in early 2026 after administrative processing.

Investigation Status: Resolved (settlement approved by federal judge in Texas)

Investigation Status: Resolved (settlement reached)

Investigation Status: Completed (settlement pending final court approval on 2026-01-15)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through public disclosures (2024-03 and 2024-07), direct notifications to affected customers via email (Class Member ID), settlement website and helpline (833-890-4930), email/mail notifications to affected customers (starting Aug 4, 2025), email notifications ([email protected]) and public announcements via news releases, emails to affected customers, public statements (denying wrongdoing but settling to avoid litigation), settlement website (www.telecomdatasettlement.com), email notices sent to settlement class members (from [email protected]); settlement website (telecomdatasettlement.com); FAQs and contact helpline (833-890-4930), email notifications via [email protected], settlement website, and customer support hotline (833-890-4930), public settlement announcement and claim process via www.telecomdatasettlement.com, public disclosures (2024-03 and 2024-07), dedicated settlement website, customer notifications with Class Member IDs, delayed disclosure (national security concerns); customer notifications via email (Kroll Settlement Administration), official notices via email/snail mail ([email protected]), dedicated settlement website, customer support hotline (833-890-4930), public disclosure and customer advisories (e.g., Better Business Bureau recommendations), public announcements (March 30, July 12, 2024), email notifications via Kroll Settlement Administration, settlement website for claims, public disclosure, official settlement website, customer notifications, public settlement announcement; dedicated settlement website for claims, public advisories, official settlement website, media coverage (e.g., Rolling Out, PIX11), official settlement website (managed by Kroll), public awareness campaigns, social media outreach (e.g., X/Twitter), public disclosure, customer advisories (password changes, 2FA, credit freezing), and website updates with detailed breach information. Customer notifications began in July 2024.

Stakeholder Advisories: Customers advised to file claims by 2025-11-18 via Kroll Settlement Administration
Customer Advisories: Password resets for 2019 breach victims. Claim submission instructions for settlement (online/mail). Class Member ID required for filing.

Stakeholder Advisories: Customers notified via email/mail (Aug 4–Oct 17, 2025)
Customer Advisories: Claims process begins Aug 4, 2025; deadline Nov 18, 2025. Payments expected early 2026.

Stakeholder Advisories: Emails sent to affected customers ([email protected]); public news releases
Customer Advisories: Claim forms available at www.TelecomDataSettlement.com; deadline: November 18, 2024

Stakeholder Advisories: Customers notified via email; public settlement website
Customer Advisories: Claims process open until November 18, 2025; tiers for compensation based on documented losses

Stakeholder Advisories: Email notices to settlement class members; settlement website and helpline for inquiries
Customer Advisories: Eligible individuals advised to file claims by November 18, 2025, via online or mail; documentation required for higher compensation tiers

Stakeholder Advisories: Email notifications and settlement website for claim filings
Customer Advisories: Eligibility checks via website or hotline (833-890-4930); claims deadline: 2025-11-18

Stakeholder Advisories: Customers advised to file claims by November 18, 2024
Customer Advisories: Eligible customers (2015–2023) instructed to visit www.telecomdatasettlement.com to submit claims using their settlement claim ID, name, phone number, or account information.

Stakeholder Advisories: Customers notified via email with Class Member IDs; public settlement website with claim forms; media announcements (CNET, other tech outlets).
Customer Advisories: File claims by Nov. 18, 2025 via telecomdatasettlement.com or mail. Documented losses may increase payout (up to $5K for 2019, $2.5K for 2024). Check spam folders for Class Member ID notifications. Call 833-890-4930 for assistance.

Stakeholder Advisories: Customers notified via email ([email protected]); Claims deadline: Nov 18, 2024
Customer Advisories: Eligible for compensation up to $7,500 (documented losses); Tiered cash payments for PII exposure

Stakeholder Advisories: Customers advised to file claims by the extended deadline and submit documentation for losses.
Customer Advisories: Beware of scams; official notices come only from [email protected]. Use the provided Class Member ID or AT&T account credentials to file claims. Mail-in claims must be postmarked by the submission deadline (address: AT&T Data Incident Settlement c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324).

Customer Advisories: Applicants/employees advised to change passwords, enable MFA, and monitor for fraud. Official guidance from AT&T pending.

Stakeholder Advisories: Better Business Bureau (BBB) provided consumer protection guidelines post-breach.
Customer Advisories: Confirm breach legitimacy by contacting AT&T directly. Update passwords and enable MFA for affected accounts. Monitor financial accounts and credit reports for unauthorized activity. Report identity theft to the FTC via IdentityTheft.gov. Utilize free credit monitoring services if provided by AT&T.

Stakeholder Advisories: Email notifications via [email protected]; settlement website for claims (deadline: Nov. 18, 2024); opt-out deadline for independent lawsuits: Oct. 17, 2024.
Customer Advisories: Eligible customers can claim up to $7,500 (if affected by both breaches). Tiered compensation based on SSN exposure (first breach) or documented loss (second breach). Claims process opened Aug. 4, 2024.

Stakeholder Advisories: Customers advised to file claims before November 18, 2025
Customer Advisories: Check eligibility via official settlement site using name, email, account number, or settlement ID. Claims can be filed online or by mail.

Stakeholder Advisories: Customers advised to submit claims by Dec. 18, 2025; opt-out or objection deadline: Nov. 18, 2025
Customer Advisories: Eligible customers must file claims via online form or mail by Dec. 18, 2025. Payments will be distributed on a pro rata basis after final approval.

Stakeholder Advisories: Customers advised to file claims by December 18, 2025, via the official settlement website. Options to opt out or object by November 18, 2025, are available for those wishing to pursue individual legal action.
Customer Advisories: Affected customers should gather documentation (e.g., proof of identity, records of losses) to support their claims. Maximum payouts: $5,000 (March 2024 breach), $2,500 (July 2024 breach), or $7,500 combined for those impacted by both. Payments are pro rata based on total claims.

Stakeholder Advisories: Customers advised to file claims by December 18, 2025 (extended deadline). Free credit monitoring and identity theft protection offered for up to 3 years. Documentation required for reimbursement of losses exceeding basic claim amounts.
Customer Advisories: Check eligibility for settlement claims via the official portal or by mail. No proof of AT&T service required for basic eligibility. Opt-out option available for those wishing to pursue independent legal action. Public urged to remain vigilant against phishing scams and identity theft attempts.

Stakeholder Advisories: Customers advised to change passwords, enable 2FA, monitor accounts, and freeze credit if necessary.
Customer Advisories: Change passwords immediately, even if the company states passwords weren’t accessed. Enable 2FA on all accounts. Monitor bank and credit card transactions for fraud. Freeze credit if SSN or highly sensitive data was exposed. Accept free credit/identity monitoring offered by AT&T. Beware of follow-up scams impersonating AT&T or offering assistance.

Stakeholder Advisories: Customers notified via direct communication; settlement claims process established (deadline: 2024-12-18).
Customer Advisories: Claim deadline extended to December 18, 2024. Claims can be submitted online (Kroll website) or by mail. Documented proof of losses required (receipts, official documents). Self-written statements not accepted. First breach victims eligible for up to $5,000; second breach victims up to $2,500; dual victims up to $7,500.

Entry Point: Dark Web File-Sharing Site

Entry Point: 2019 Breach: None, 2024 Breach: Compromised Snowflake credentials
High Value Targets: 2024 Breach: Phone records of ~109M AT&T customers
Data Sold on Dark Web: 2024 Breach: Phone records of ~109M AT&T customers

Entry Point: Unknown (2019), Snowflake cloud compromise (2024)
High Value Targets: Customer PII (2019); call/text metadata (2024)
Data Sold on Dark Web: Customer PII (2019); call/text metadata (2024)

High Value Targets: Customer PII (first breach), call/text records (second breach)
Data Sold on Dark Web: Customer PII (first breach), call/text records (second breach)

High Value Targets: Customer PII (SSNs, passcodes, call records)
Data Sold on Dark Web: Customer PII (SSNs, passcodes, call records)

Entry Point: Dark web dataset (first breach), third-party cloud platform (second breach)
High Value Targets: Customer PII and call/text records
Data Sold on Dark Web: Customer PII and call/text records

Entry Point: Breach 2019: Unknown (dark web leak), Breach 2024: Compromised Snowflake credentials (likely via ShinyHunters)
High Value Targets: Breach 2019: Customer PII (SSNs, names), Breach 2024: Historical phone records (2022 data)
Data Sold on Dark Web: Breach 2019: Customer PII (SSNs, names), Breach 2024: Historical phone records (2022 data)

High Value Targets: Customer personal data, call/text logs
Data Sold on Dark Web: Customer personal data, call/text logs

High Value Targets: AT&T Careers platform (recruitment/applicant data)
Data Sold on Dark Web: AT&T Careers platform (recruitment/applicant data)

High Value Targets: Customer PII (first breach), call/text metadata (second breach)
Data Sold on Dark Web: Customer PII (first breach), call/text metadata (second breach)

High Value Targets: Customer PII (Social Security numbers, billing data), call records (telephone interaction metadata)
Data Sold on Dark Web: Customer PII (Social Security numbers, billing data), call records (telephone interaction metadata)

High Value Targets: Social Security numbers, call records and metadata
Data Sold on Dark Web: Social Security numbers, call records and metadata

High Value Targets: Customer PII, SSNs, financial data
Data Sold on Dark Web: Customer PII, SSNs, financial data

Entry Point: Third-party cloud platform
High Value Targets: Customer PII, call metadata
Data Sold on Dark Web: Customer PII, call metadata

Root Causes: 2019 Breach: None, 2024 Breach: Weak credential security in Snowflake environment (shared across ~165 companies),
Corrective Actions: $177M Settlement For Affected Customers, Enhanced Claim Processing Via Kroll, Legal Actions Against Threat Actors (Two Arrests),

Corrective Actions: Settlement payouts to avoid litigation; no technical remediation details disclosed

Corrective Actions: Settlement payments; no technical remediation details disclosed

Corrective Actions: Settlement payouts and customer notifications

Root Causes: Likely Exploitation Of Unpatched Vulnerabilities Or Misconfigured Systems (E.G., Similar To The Windows Kerberos Zero-Day Flaw Patched By Microsoft In August 2025)., Inadequate Real-Time Monitoring Of Sensitive Data Repositories (Call/Text Records)., Delayed Detection Of Exfiltration Activity, Allowing Threat Actors To Access Historical Data (2022–2023).,
Corrective Actions: Deploy **Automated Vulnerability Scanners** With Ai-Driven Prioritization To Detect And Remediate Flaws Proactively., Enhance **Data Encryption And Access Controls** For Customer Communication Records., Implement **Behavioral Analytics** To Detect Anomalous Data Access Patterns Indicative Of Exfiltration., Conduct **Third-Party Audits** Of Cloud And On-Premises Deployment Models To Identify Gaps In Security Posture., Establish **Cross-Functional Incident Response Teams** With Clear Escalation Paths For Data Breach Scenarios.,

Root Causes: Breach 2019: Unknown (poor data protection or insider threat), Breach 2024: Weak credential management for Snowflake access; lack of multi-factor authentication (MFA) or IP restrictions,
Corrective Actions: Settlement Fund For Victims., Assumed: Strengthened Third-Party Access Controls (E.G., Mfa For Snowflake)., Proactive Password Resets For Affected Users (2019)., Legal Accountability (Arrests For 2024 Breach).,

Corrective Actions: Financial Compensation For Affected Customers, Extended Claim-Filing Window, Public Awareness Campaigns About Phishing Risks,

Corrective Actions: $177 million settlement to affected customers

Corrective Actions: Settlement payouts, customer compensation tiers

Corrective Actions: Settlement fund established; no technical remediation details disclosed

Root Causes: Inadequate Protection Of Sensitive Customer Data (e.g., SSNs, Call Records). Vulnerabilities In Third-Party Cloud Platform Security (July 2024 Breach). Failure To Prevent Data Exfiltration To The Dark Web (March 2024 Breach).
Corrective Actions: $177 Million Settlement Fund For Affected Customers. Enhanced Legal And Administrative Processes For Claims Verification. Public Acknowledgment Of Harm And Need For Accountability (Though No Admission Of Wrongdoing).

Root Causes: Outdated Security Protocols, Inadequate Encryption And Monitoring, Vulnerability To Sophisticated Hacking Attempts
Corrective Actions: Settlement Agreement Includes Commitments To Improve Encryption And Monitoring. Enhanced Data Security Measures Implemented Post-Breach. Public Awareness Campaigns To Inform Affected Customers.

Corrective Actions: $177 Million Settlement To Affected Customers. Provision Of Free Credit/Identity Monitoring Services. Public Communication And Advisories To Guide Customer Response.

Root Causes: Inadequate Security Controls On Third-Party Cloud Platform, Delayed Detection (Breach Occurred In March/July 2024, Detected In April 2024)
Corrective Actions: Settlement Agreement To Compensate Affected Customers, Legal And Regulatory Compliance Review
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll Settlement Administration (Claims Processing), Law Enforcement (Arrests Made For 2024 Breach), Kroll Settlement Administration (court-appointed administrator), Kroll Settlement Administration (claims management), Kroll Settlement Administration (settlement administrator), Kroll Settlement Administration (claims processing), Kroll Settlement Administration (Claims Management), Law Firms (Class Action Settlement), Likely (not explicitly stated), Kroll Settlement Administration (Claims Management), Kroll Settlement Administration (claims processing), Kroll Settlement Administration (managing settlement claims), Yes (as part of post-breach security overhauls).
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: $177M Settlement For Affected Customers, Enhanced Claim Processing Via Kroll, Legal Actions Against Threat Actors (Two Arrests), Settlement payouts to avoid litigation; no technical remediation details disclosed, Settlement payments; no technical remediation details disclosed, Settlement payouts and customer notifications, Deploy **Automated Vulnerability Scanners** With AI-Driven Prioritization To Detect And Remediate Flaws Proactively. Enhance **Data Encryption And Access Controls** For Customer Communication Records. Implement **Behavioral Analytics** To Detect Anomalous Data Access Patterns Indicative Of Exfiltration. Conduct **Third-Party Audits** Of Cloud And On-Premises Deployment Models To Identify Gaps In Security Posture. Establish **Cross-Functional Incident Response Teams** With Clear Escalation Paths For Data Breach Scenarios. Settlement Fund For Victims. Assumed: Strengthened Third-Party Access Controls (e.g., MFA For Snowflake). Proactive Password Resets For Affected Users (2019). Legal Accountability (Arrests For 2024 Breach). Financial Compensation For Affected Customers, Extended Claim-Filing Window, Public Awareness Campaigns About Phishing Risks, $177 million settlement to affected customers, Settlement payouts, customer compensation tiers, Settlement fund established; no technical remediation details disclosed, $177 Million Settlement Fund For Affected Customers. Enhanced Legal And Administrative Processes For Claims Verification. Public Acknowledgment Of Harm And Need For Accountability (Though No Admission Of Wrongdoing). Settlement Agreement Includes Commitments To Improve Encryption And Monitoring. Enhanced Data Security Measures Implemented Post-Breach. Public Awareness Campaigns To Inform Affected Customers. $177 Million Settlement To Affected Customers. Provision Of Free Credit/Identity Monitoring Services. Public Communication And Advisories To Guide Customer Response. Settlement Agreement To Compensate Affected Customers, Legal And Regulatory Compliance Review.
Last Attacking Group: The attacking groups in the last incident were Nation-state actors; ShinyHunters; 2024 Breach: ShinyHunters (hacker group; two associates arrested); Unknown (2019 breach), Hacker(s) (2024 breach; two arrested); Breach 2019: Unknown, Breach 2024: ShinyHunters (hacker group; two arrests made); Everest ransomware group; and Unauthorized Individuals.
Most Recent Incident Detected: The most recent incident detected was on 2025-05-15.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-07.
Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, email addresses, phone numbers, Social Security Numbers, dates of birth; customer first names, wireless account numbers, wireless phone numbers, email addresses, number of lines on an account, wireless rate plan; phone calls, text messages, law enforcement wiretap systems; Full names, Dates of birth, Phone numbers, Email addresses, Physical addresses, Social Security numbers (SSNs); Customer Proprietary Network Information (CPNI); full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, AT&T passcodes; names, addresses, Social Security numbers; Social Security numbers, Customer Proprietary Network Information (CPNI); 2019 Breach: Social Security numbers, birth dates, legal names (7.6M current + 65.4M former customers), 2024 Breach: Phone records from 2022 (109M customers); 7.6M current + 65.4M former customers (2019): SSNs, names, dates of birth, 109M U.S. customers (2024): call and text records (no names attached); Social Security Numbers (SSNs), Birthdates, Phone Numbers, Addresses, Billing Numbers, Passcodes, Call Records (phone numbers, aggregate call duration, cell site details); Addresses, Social Security Numbers, Passcodes (March 2024), Call and Text Records (July 2024); Names, Addresses, Telephone numbers, Email addresses, Dates of birth, Account passcodes, Billing account numbers, Social Security numbers, Telephone interaction records (numbers of customers and those they interacted with); Identity information (addresses, birthdates, passcodes, billing numbers, phone numbers, Social Security numbers) - First Breach, Call and text records (May 1 to October 31, 2022) - Second Breach; Customer names, Addresses, Call records; Call records, Text message records; Breach 2019: 73 million records (7.6M current + 65.4M former customers), Breach 2024: 109 million records (phone records from 2022); Addresses, Social Security Numbers, Birthdates, Passcodes, Billing Numbers, Phone Numbers, Call/Text Metadata (May 1, 2022 – Oct 31, 2022); Personal data (e.g., names, contact info), Call and text logs; personal records (576,686), potential recruitment/applicant/employee data; Sensitive customer data (details unspecified), Breach 1: Addresses, Social Security numbers, Birthdates, Passcodes, Billing numbers, Phone numbers. Breach 2: Call records (metadata), Text records (metadata); Social Security numbers, Birthdates, Names, Addresses, Email IDs, Phone numbers, Billing account numbers, Account passcodes, Call logs, Interaction counts, Call frequencies, Cell site IDs; Names, Addresses, Telephone Numbers, Email Addresses, Dates of Birth, Account Passcodes, Billing Account Numbers, Social Security Numbers (March 2024 breach), Call Records (July 2024 breach), Cell Site Identification Numbers (subset of individuals in July 2024 breach); Names, Addresses, Phone numbers, Email addresses, Dates of birth, Account passcodes, Billing numbers, Social Security numbers (SSNs), Call records (telephone numbers interacted with, call frequency, cell site identification numbers); Social Security numbers, Birthdates, Phone records, AT&T-specific fields (March breach), Phone numbers (July breach); Phone numbers, Addresses, Email addresses, Birth dates, Account passcodes, Account numbers, Social Security numbers, Call records (phone numbers, contacted numbers, interaction counts, call durations, cell site IDs).
Most Significant System Affected: The most significant systems affected in an incident were 2024 Breach: Snowflake cloud-based data warehouse; AT&T customer databases (2019), Snowflake cloud storage (2024); Customer Databases (First Breach), Cloud Platform (Second Breach); AT&T customer databases (First Breach), Third-party cloud platform (Second Breach); Breach 2019: AT&T customer databases, Breach 2024: Snowflake cloud data warehouse; Customer Databases, Third-Party Cloud Platform; AT&T Careers platform (job and recruitment portal); Customer databases (First Breach), Third-party cloud platform (Second Breach); AT&T customer databases, Third-party cloud platform (July 2024 breach); and Third-party cloud platform.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll Settlement Administration (claims processing), law enforcement (arrests made for 2024 breach), Kroll Settlement Administration (court-appointed administrator), Kroll Settlement Administration (claims management), Kroll Settlement Administration (settlement administrator), Kroll Settlement Administration (claims processing), Kroll Settlement Administration (claims management), law firms (class action settlement), Kroll Settlement Administration (claims management), Kroll Settlement Administration (claims processing), Kroll Settlement Administration (managing settlement claims).
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were 2019 Breach: Password resets for all affected current customers. Breach 2019: Password resets for affected current customers. Breach 2024: Snowflake access revoked; investigation into credential compromise.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Phone Numbers; wireless phone numbers; Full names; Call and text records (May 1 to October 31, 2022) - Second Breach; Email IDs; Breach 2024: 109 million records (phone records from 2022); personal records (576,686); AT&T account numbers; Dates of Birth; Names; Social Security Numbers; Billing Account Numbers; mailing addresses; Dates of birth; Call frequencies; Social Security Numbers (SSNs); AT&T passcodes; Email Addresses; Addresses; Phone numbers (July breach); Passcodes; Cell site IDs; 7.6M current + 65.4M former customers (2019): SSNs, names, dates of birth; potential recruitment/applicant/employee data; Breach 2019: 73 million records (7.6M current + 65.4M former customers); wireless account numbers; Text message records; Social Security Numbers (March 2024 breach); social security numbers; Birthdates; Account Passcodes; 2024 Breach: Phone records from 2022 (109M customers); Billing numbers; Call/Text Metadata (May 1, 2022 – Oct 31, 2022); Sensitive customer data (details unspecified); email addresses; full names; Phone numbers; Call records; Call and Text Records (July 2024); Call records (telephone numbers interacted with, call frequency, cell site identification numbers); Birth dates; AT&T-specific fields (March breach); 109M U.S. customers (2024): call and text records (no names attached); Personal data (e.g., names, contact info); addresses; Telephone numbers; Call and text logs; Telephone interaction records (numbers of customers and those they interacted with); Call logs; Telephone Numbers; Breach 2: Call records (metadata), Text records (metadata); Interaction counts; Physical addresses; Social Security numbers; law enforcement wiretap systems; Cell Site Identification Numbers (subset of individuals in July 2024 breach); Breach 1: Addresses, Social Security numbers, Birthdates, Passcodes, Billing numbers, Phone numbers; customer first names; Call records (phone numbers, contacted numbers, interaction counts, call durations, cell site IDs); Billing account numbers; Social Security numbers (SSNs); Passcodes (March 2024); dates of birth; Customer Proprietary Network Information (CPNI); Call Records (phone numbers, aggregate call duration, cell site details); Phone records; Account numbers; Account passcodes; Customer names; Billing Numbers; phone numbers; 2019 Breach: Social Security numbers, birth dates, legal names (7.6M current + 65.4M former customers); text messages; Call Records (July 2024 breach); number of lines on an account; Identity information (addresses, birthdates, passcodes, billing numbers, phone numbers, Social Security numbers) - First Breach; names; Email addresses; wireless rate plan; and phone calls.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 961.7M.
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $177 million (settlement), $177 million (settlement, not regulatory fine), $177M settlement (proposed), $177 million (settlement, not a fine), $177 million (settlement, not a fine), $177 million (settlement, not a fine), $177 million (settlement), $177 million settlement (not a fine, but compensation for affected customers), $177 million (settlement amount, not a fine), $177 million (settlement, not a fine), $177 million (settlement).
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class-action lawsuits consolidated and settled for $177 million, Class-action lawsuits (two consolidated cases), Class-action lawsuits settled (no admission of wrongdoing), Class action lawsuits (consolidated), Class-action lawsuit leading to settlement, Class action lawsuit settled for $177 million, Class-action settlement ($177 million), Class action lawsuits consolidated (settled for $177M), Two arrests for 2024 breach, Class-action lawsuits (two consolidated cases), Class-action lawsuit settlement, Class action lawsuit, Class-action lawsuits (two consolidated cases), Federal/state lawsuits, Class-action lawsuit settled, Class action lawsuits filed and consolidated; settlement agreed upon, Class action lawsuits consolidated in federal court; settlement approved pending final hearing (January 15, 2026), Class-action lawsuit; multidistrict litigation, Class action lawsuit, Class-action lawsuit settled.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Follow-up scams targeting breach victims are common; verification of communications is essential., Importance of securing third-party cloud platforms, timely customer notification, and proactive legal settlement to avoid prolonged litigation.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Take advantage of free credit monitoring or identity protection services if offered by the breached company., Implement stricter monitoring for dark web leaks and unauthorized data access., Verify breach notifications directly with the company to avoid scams., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Adopt **cloud-native vulnerability management solutions** for scalability and ease of deployment, especially in distributed IT environments., Advocate for stronger data protection measures in the telecom industry., Customers should file claims before the Dec. 18, 2025 deadline to receive compensation., Monitor dark web activity for leaked corporate data proactively., Monitor bank statements, credit card activity, and credit reports for suspicious activity., Invest in **managed vulnerability services** for SMEs and organizations lacking in-house expertise, particularly in high-risk sectors like healthcare and telecom., Strengthen **compliance frameworks** (e.g., ISO 27001, GDPR, HIPAA) by aligning vulnerability management with regulatory requirements to reduce non-compliance incidents., Monitor official communications ([email protected]) and avoid phishing scams., Implement basic cyber defenses and enforce cyber risk-management planning., Change AT&T account passwords and avoid reuse elsewhere., Enhance customer communication and support during and after breaches., Freeze credit if SSNs or highly sensitive data are exposed., Provide affected customers with long-term identity theft protection and credit monitoring services., Improve incident response timelines for public disclosure, Prioritize customer compensation and transparency, Expand **attack surface visibility** to include emerging technologies (e.g., IoT, cloud, remote work tools) that introduce new vulnerabilities., Improve incident 
response transparency and timeliness in public disclosures., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Strengthen compliance with data protection regulations to mitigate future legal and financial risks., File claims promptly with Kroll Settlement Administration to maximize payout eligibility., Follow official AT&T channels for notifications, not unsolicited links., Affected individuals should monitor for identity theft and fraud due to exposed SSNs., Invest in AI-driven threat detection and zero-trust architectures., Monitor financial statements, credit files, and communications for suspicious activity., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Conduct regular audits of third-party vendor security practices., Implement zero-trust architecture for third-party cloud providers., Document out-of-pocket losses (e.g., credit monitoring, fraud fees) to strengthen claims., Change passwords for affected accounts and enable multi-factor authentication (MFA)., Enhance third-party vendor security assessments, Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals., Enhance **integration with SIEM/SOAR platforms** to streamline incident response and reduce patch turnaround time., AT&T should investigate third-party vendor risks as a potential breach source., Enable multi-factor authentication (MFA) on all accounts., Enhance data encryption and access controls, especially for third-party cloud platforms., Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Implement **real-time vulnerability monitoring** and **automated patch management** to reduce exposure to zero-day and known vulnerabilities., Enhance dark web monitoring for leaked credentials/data., Report identity theft to the Federal Trade Commission (IdentityTheft.gov)., Conduct **regular exploitability 
assessments** to track the average time from vulnerability discovery to exploitation and prioritize remediation accordingly., Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Accept free monitoring services offered by the breached company., Prioritize **AI/ML-driven threat prioritization** to focus remediation efforts on high-risk vulnerabilities (e.g., those exploited within 24–48 hours)., Implement stricter breach notification timelines and regulatory compliance measures., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Implement stricter access controls for cloud-stored data, AT&T should enhance data protection measures to prevent future breaches., Consider placing a credit freeze or fraud alert with credit bureaus., Offer credit monitoring for victims of PII exposure., Monitor financial accounts for suspicious activity for at least several months post-breach.
Most Recent Source: The most recent source of information about an incident are AT&T Press Release (July 12, 2024), Kroll Settlement Administration FAQs, PIX11, Everest ransomware group dark web leak site, Data Doctors (article referenced in description), Federal Trade Commission (FTC) Warnings on Telecom Data Misuse, AT&T Press Release (March 30, 2024), AT&T Data Breach Settlement Official Site, Microsoft Patch Tuesday Update (August 2025), Kroll Settlement Administration (Official Settlement Website), U.S. District Court for the Northern District of Texas, AP (Associated Press), FBI Statement on Disclosure Delay, CBS News, Kroll Settlement Administration (AT&T Data Breach Settlement), California Office of the Attorney General, Kroll Settlement Administration News Release, Rossen Reports (Good Morning America), Telecom Data Settlement Website, The Desert Sun (Gannett), AT&T Data Incident Settlement Claim Form, AT&T Data Breach Disclosure (March 2024), Class Action Lawsuit Documents (Consolidated Federal Lawsuits), AT&T Data Incident Settlement Website, YouTube (Advertisement/Report), AfroTech, Kroll Settlement Administration, AP News, Better Business Bureau (BBB), AT&T Data Breach, United States District Court for the Northern District of Texas, MSN, AT&T Class Action Settlement News, Business Insider, CNET, The Economic Times, AT&T Settlement Website, Reuters, US District Court (Northern District of Texas), USA TODAY, CT Insider, Yahoo News, NBC DFW, SNS Insider - Vulnerability Management Market Report, Kroll Settlement Administration (Claims Portal), Hackread.com, Vermont Office of the Attorney General, Rolling Out, Altitudes Magazine, WORLDSTARHIPHOP (X/Twitter), AT&T Data Incident Settlement Official Website (Kroll Settlement Administration), Topeka Capital-Journal, Top Class Actions, KTVU FOX 2 and Newsworthy (via article snippet).
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.cnet.com, https://telecomdatasettlement.com, https://www.cjonline.com, https://www.TelecomDataSettlement.com, https://www.usatoday.com/story/tech/2024/XX/XX/att-data-breach-settlement-how-file-claim/XXXXX/, https://www.telecomdatasettlement.com, https://telecomdatasettlement.com, https://www.telecomdatasettlement.com, https://www.snsinsider.com/sample-request/8470, https://www.cnet.com/tech/mobile/att-data-breach-settlement-how-to-file-a-claim-and-how-much-you-could-get/, https://telecomdatasettlement.com, https://www.hackread.com, https://www.bbb.org/article/news-releases/25677-how-to-protect-your-information-after-a-data-breach .
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (settlement approval hearing scheduled for 2025-12-03; two arrests made for 2024 breach).
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers advised to file claims by 2025-11-18 via Kroll Settlement Administration, Customers notified via email/mail (Aug 4–Oct 17, 2025), Emails sent to affected customers ([email protected]); public news releases, Customers notified via email; public settlement website, Email notices to settlement class members; settlement website and helpline for inquiries, Email notifications and settlement website for claim filings, Customers advised to file claims by November 18, 2024, Customers notified via email with Class Member IDs. Public settlement website with claim forms. Media announcements (CNET, other tech outlets), Customers notified via email ([email protected]); Claims deadline: Nov 18, 2024, Customers advised to file claims by the extended deadline and submit documentation for losses. Better Business Bureau (BBB) provided consumer protection guidelines post-breach. Email notifications via [email protected], Settlement website for claims (deadline: Nov. 18, 2024), Opt-out deadline for independent lawsuits: Oct. 17, 2024, Customers advised to file claims before November 18, 2025, Customers advised to submit claims by Dec. 18, 2025; opt-out or objection deadline: Nov. 18, 2025, Customers advised to file claims by December 18, 2025, via the official settlement website. Options to opt out or object by November 18, 2025, are available for those wishing to pursue individual legal action. Customers advised to file claims by December 18, 2025 (extended deadline). Free credit monitoring and identity theft protection offered for up to 3 years. Documentation required for reimbursement of losses exceeding basic claim amounts. Customers advised to change passwords, enable 2FA, monitor accounts, and freeze credit if necessary. Customers notified via direct communication; settlement claims process established (deadline: 2024-12-18).
Most Recent Customer Advisory: The most recent customer advisories issued were: Password resets for 2019 breach victims. Claim submission instructions for settlement (online/mail). Class Member ID required for filing. Claims process begins Aug 4, 2025; deadline Nov 18, 2025. Payments expected early 2026. Claim forms available at www.TelecomDataSettlement.com; deadline: November 18, 2024. Claims process open until November 18, 2025; tiers for compensation based on documented losses. Eligible individuals advised to file claims by November 18, 2025, via online or mail; documentation required for higher compensation tiers. Eligibility checks via website or hotline (833-890-4930); claims deadline: 2025-11-18. Eligible customers (2015–2023) instructed to visit www.telecomdatasettlement.com to submit claims using their settlement claim ID, name, phone number, or account information. File claims by Nov. 18, 2025 via telecomdatasettlement.com or mail. Documented losses may increase payout (up to $5K for 2019, $2.5K for 2024). Check spam folders for Class Member ID notifications. Call 833-890-4930 for assistance. Eligible for compensation up to $7,500 (documented losses); Tiered cash payments for PII exposure. Beware of scams; official notices come only from [email protected] the provided Class Member ID or AT&T account credentials to file claims. Mail-in claims must be postmarked by the submission deadline (address: AT&T Data Incident Settlement c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324). Applicants/employees advised to change passwords, enable MFA, and monitor for fraud. Official guidance from AT&T pending. Confirm breach legitimacy by contacting AT&T directly. Update passwords and enable MFA for affected accounts. Monitor financial accounts and credit reports for unauthorized activity. Report identity theft to the FTC via IdentityTheft.gov. Utilize free credit monitoring services if provided by AT&T. Eligible customers can claim up to $7,500 (if affected by both breaches). Tiered compensation based on SSN exposure (first breach) or documented loss (second breach). Claims process opened Aug. 4, 2024. Check eligibility via official settlement site using name, email, account number, or settlement ID. Claims can be filed online or by mail. Eligible customers must file claims via online form or mail by Dec. 18, 2025. Payments will be distributed on a pro rata basis after final approval. Affected customers should gather documentation (e.g., proof of identity, records of losses) to support their claims. Maximum payouts: $5,000 (March 2024 breach), $2,500 (July 2024 breach), or $7,500 combined for those impacted by both. Payments are pro rata based on total claims. Check eligibility for settlement claims via the official portal or by mail. No proof of AT&T service required for basic eligibility. Opt-out option available for those wishing to pursue independent legal action. Public urged to remain vigilant against phishing scams and identity theft attempts. Change passwords immediately, even if the company states passwords weren’t accessed. Enable 2FA on all accounts. Monitor bank and credit card transactions for fraud. Freeze credit if SSN or highly sensitive data was exposed. Accept free credit/identity monitoring offered by AT&T. Beware of follow-up scams impersonating AT&T or offering assistance. Claim deadline extended to December 18, 2024. Claims can be submitted online (Kroll website) or by mail. Documented proof of losses required (receipts, official documents). Self-written statements not accepted. First breach victims eligible for up to $5,000; second breach victims up to $2,500; dual victims up to $7,500.
Most Recent Entry Point: The most recent entry points used by an initial access broker were Third-party cloud platform and Dark Web File-Sharing Site.
Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: 2024 breach: Weak credential security in Snowflake environment (shared across ~165 companies). Likely exploitation of unpatched vulnerabilities or misconfigured systems (e.g., similar to the Windows Kerberos zero-day flaw patched by Microsoft in August 2025). Inadequate real-time monitoring of sensitive data repositories (call/text records). Delayed detection of exfiltration activity, allowing threat actors to access historical data (2022–2023). Breach 2019: Unknown (poor data protection or insider threat). Breach 2024: Weak credential management for Snowflake access; lack of multi-factor authentication (MFA) or IP restrictions. Inadequate protection of sensitive customer data (e.g., SSNs, call records). Vulnerabilities in third-party cloud platform security (July 2024 breach). Failure to prevent data exfiltration to the dark web (March 2024 breach). Outdated security protocols. Inadequate encryption and monitoring. Vulnerability to sophisticated hacking attempts. Inadequate security controls on third-party cloud platform. Delayed detection (breach occurred in March/July 2024, detected in April 2024).
Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: $177M settlement for affected customers. Enhanced claim processing via Kroll. Legal actions against threat actors (two arrests). Settlement payouts to avoid litigation; no technical remediation details disclosed. Settlement payments; no technical remediation details disclosed. Settlement payouts and customer notifications. Deploy **automated vulnerability scanners** with AI-driven prioritization to detect and remediate flaws proactively. Enhance **data encryption and access controls** for customer communication records. Implement **behavioral analytics** to detect anomalous data access patterns indicative of exfiltration. Conduct **third-party audits** of cloud and on-premises deployment models to identify gaps in security posture. Establish **cross-functional incident response teams** with clear escalation paths for data breach scenarios. Settlement fund for victims. Assumed: Strengthened third-party access controls (e.g., MFA for Snowflake). Proactive password resets for affected users (2019). Legal accountability (arrests for 2024 breach). Financial compensation for affected customers. Extended claim-filing window. Public awareness campaigns about phishing risks. $177 million settlement to affected customers. Settlement payouts, customer compensation tiers. Settlement fund established; no technical remediation details disclosed. $177 million settlement fund for affected customers. Enhanced legal and administrative processes for claims verification. Public acknowledgment of harm and need for accountability (though no admission of wrongdoing). Settlement agreement includes commitments to improve encryption and monitoring. Enhanced data security measures implemented post-breach. Public awareness campaigns to inform affected customers. $177 million settlement to affected customers. Provision of free credit/identity monitoring services. Public communication and advisories to guide customer response. Settlement agreement to compensate affected customers. Legal and regulatory compliance review.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, Angular's HTTP client leaks the XSRF token via protocol-relative URLs. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
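The decision described above, modeled next to an origin comparison that resolves the URL first. This is an added example, not Angular's source code or its patch; the origin `https://app.example`, the token value, the sample URLs and all function names are constructed for illustration.

```javascript
// Constructed values for illustration; not taken from the advisory.
const APP_ORIGIN = 'https://app.example';
const XSRF_TOKEN = 'constructed-token-value';

// Model of the flawed decision described above: a URL counts as
// cross-origin only if it begins with an explicit http:// or https://.
function isSameOriginByPrefix(url) {
  const lower = url.toLowerCase();
  return !(lower.startsWith('http://') || lower.startsWith('https://'));
}

// Hardened decision (one possible approach): resolve the URL against the
// application's origin the way a browser would, then compare origins.
function isSameOriginByResolution(url, appOrigin = APP_ORIGIN) {
  try {
    return new URL(url, appOrigin).origin === new URL(appOrigin).origin;
  } catch {
    return false; // unparseable URLs never receive the token
  }
}

// Builds the headers a client would send, attaching the token only when
// the supplied predicate judges the request same-origin.
function buildHeaders(url, isSameOrigin) {
  const headers = {};
  if (isSameOrigin(url)) headers['X-XSRF-TOKEN'] = XSRF_TOKEN;
  return headers;
}

// Reports, per URL, whether each check would attach the token.
function compareChecks(urls) {
  return urls.map((url) => ({
    url,
    prefixCheck: 'X-XSRF-TOKEN' in buildHeaders(url, isSameOriginByPrefix),
    resolvedCheck:
      'X-XSRF-TOKEN' in buildHeaders(url, (u) => isSameOriginByResolution(u)),
  }));
}

// Constructed sample: relative path, same-origin absolute URL,
// cross-origin absolute URL, and a protocol-relative URL.
const SAMPLE_URLS = ['/api/orders', 'https://app.example/api/orders',
  'https://other.example/collect', '//other.example/collect'];
console.table(compareChecks(SAMPLE_URLS));
```

The same predicate can back a lint rule or code-review check that flags any HttpClient call whose URL does not resolve to the application's own origin.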
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
