AT&T

AT&T Vendor Cyber Rating & Cyber Score

att.com

We understand that our customers want an easier, less complicated life. We’re using our network, labs, products, services, and people to create a world where everything works together seamlessly, and life is better as a result. How will we continue to drive for this excellence in innovation? With you. Our people, and their passion to succeed, are at the heart of what we do. Today, we’re poised to connect millions of people with their world, delivering the human benefits of technology in ways that defy the imaginable. What are you dreaming of doing with your career? Find stories about our talent, career advice, opportunities, company news, and innovations here on LinkedIn. To learn more about joining AT&T, visit:


AT&T A.I CyberSecurity Scoring

AT&T
Company Information
Website: http://www.att.com
Employees number: 178,894
Number of followers: 1,631,770
NAICS: 517
Industry Type: Telecommunications
Homepage: att.com
AT&T Risk Score (AI oriented)
Between 0 and 549
AT&T, Telecommunications
Updated: 08/06/2026
100/1000, Critical (C)
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
AT&T Global Score (TPRM)
Score locked

AT&T
Current Score: 100, C (CRITICAL)
31 incidents
-32.71 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
100 Before Incident
Cyber Attack
31 May 2026, AT&T
Nvidia, Okta, Microsoft and AT&T: Pink is the latest goon squad to use fake helpdesk calls to steal creds

New Extortion Group 'Pink' Targets Organizations with Vishing and Cloud Data Theft

100 After Incident
CRITICAL 0
OKTMICATTNVI1780611852
A recently identified extortion group, tracked as Pink, is leveraging voice phishing (vishing) and fake IT help-desk calls to infiltrate corporate networks, steal sensitive data, and demand ransom payments. First detected by Palo Alto Networks’ Unit 42, the group, classified as cluster CL-CRI-1147, launched its data-leak site on May 31, 2026.

Pink’s tactics mirror those of other cybercriminal collectives, including Lapsus$, Scattered Spider, and ShinyHunters, which have previously targeted high-profile organizations like Nvidia, Microsoft, Okta, MGM Resorts, and AT&T. These groups typically impersonate IT staff or employees to phish credentials and bypass multi-factor authentication (MFA), then exfiltrate data from cloud storage platforms such as SharePoint and OneDrive.

Unit 42 analysts linked Pink to The Com, a loosely organized network of hackers, SIM swappers, and extortionists, some of whom have ties to violent crime. After monitoring multiple extortion attacks, researchers observed Pink’s operators re-engaging with a victim on June 1, 2026, via a free webmail account, providing a new qTox ID and a leak site under the Pink brand. The group sets a 72-hour deadline for ransom negotiations before leaking stolen data.

Once inside a victim’s environment, Pink exfiltrates files and uses compromised accounts to send internal extortion messages via Microsoft Teams. The group reuses second-level domains for phishing, tailoring third-level domains to specific targets.

Indicators of compromise include the domains passkeyadd[.]com, passkeydeploy[.]com, and deploypasskey[.]com, as well as IP addresses 185[.]178.208[.]153, 172[.]93.100[.]252, and 96[.]232.20[.]66. Observed user-agent strings during data exfiltration include Microsoft.Graph.Client/5.62.0 and python-requests/2.28.1.
INCIDENT DETAILS -
TYPE
Extortion, Data Theft, Vishing
MOTIVATION
Financial gain, data extortion
IMPACT
Data Compromised: Sensitive data, cloud storage files (SharePoint, OneDrive)
Systems Affected: Corporate networks, cloud storage platforms
Operational Impact: Internal extortion messages via Microsoft Teams, data exfiltration
Identity Theft Risk: High (due to data exfiltration)
DATA BREACH
Type Of Data Compromised: Sensitive data, cloud storage files
Sensitivity Of Data: High (personally identifiable information likely)
MAY 2026
141 Before Incident
Breach
04 May 2026, AT&T
Facebook, Ticketmaster, Google, AT&T, Apple, Santander, Oracle, Yahoo, Adobe and Colonial Pipeline: How to Check & What to Do

Massive Password Breaches in 2024–2025

100 After Incident
CRITICAL -41
METORATICBANYAHATTADOAPPCOLGOO1777962591
Massive Password Breaches in 2024–2025: What You Need to Know

In 2025, cybersecurity researchers uncovered two of the largest credential leaks in history: a 16 billion-password compilation (an aggregation of thousands of breaches over years) and a 184 million-record database sourced from infostealer malware, containing active logins for platforms like Google, Apple, Microsoft, and Facebook. These incidents are part of an accelerating trend: password breaches are no longer isolated events but a persistent, industrial-scale threat.

### How Password Breaches Happen

Attackers exploit vulnerabilities, misconfigured servers, or phishing attacks to steal credential databases from platforms. Once exfiltrated, the data is traded on dark web forums, packaged into "combo lists," and used in credential-stuffing attacks: automated attempts to log into other accounts using the same stolen credentials. By the time a breach is publicly disclosed (often months later), the credentials may have already been circulating for weeks.

### Why Password Breaches Are Uniquely Dangerous

Unlike general data breaches (which may expose names or payment details), password breaches give attackers direct access to accounts. Weak or reused passwords amplify the risk: a single leaked credential can compromise multiple accounts if reused. According to Verizon’s Data Breach Investigations Report, stolen credentials are the leading cause of hacking-related breaches, responsible for incidents like the Colonial Pipeline attack.

### Major Breaches in Recent Years

- 2025: 16B-password compilation (multi-source aggregation); 184M-record infostealer dump.
- 2024: Ticketmaster (560M records), Snowflake-linked breaches (AT&T, Santander), alleged Oracle Cloud compromise.
- 2022: LastPass (encrypted vaults + unencrypted metadata stolen).
- 2013–2016: Yahoo (3B accounts), Adobe (153M), LinkedIn (117M).

### How Platforms Detect Breached Passwords

Google, Apple, Chrome, and Safari now include built-in breach monitoring:

- Google Password Checkup: Cross-references saved credentials against a database of 4B+ compromised passwords.
- Apple’s Password Monitor: Flags breached passwords in iCloud Keychain using privacy-preserving hashing.
- Firefox Monitor/Have I Been Pwned (HIBP): Public tools to check email addresses against breach datasets.

### What to Do If Your Password Is Breached

1. Change the flagged password immediately, along with the password on any other accounts using it.
2. Prioritize high-risk accounts (email, financial, healthcare).
3. Use a password manager (Bitwarden, 1Password, Keeper) to generate and store unique passwords.
4. Enable two-factor authentication (2FA) on critical accounts.

### Dark Web Monitoring: The Next Layer of Defense

Standard tools (HIBP, Google Checkup) rely on publicly disclosed breaches, which can lag behind criminal activity. Dark web monitoring scans private forums, infostealer logs, and marketplaces to detect stolen credentials before they appear in public databases, narrowing the window for attackers to exploit them.

The scale of credential exposure in 2024–2025 underscores a grim reality: most users have had passwords leaked at least once. The question is no longer if but how many times, and whether proactive measures are in place to limit the damage.
INCIDENT DETAILS -
TYPE
Credential Leak / Data Breach
MOTIVATION
Credential-stuffing attacks, Financial gain, Account takeovers
IMPACT
16 billion passwords, 184 million records, Google, Apple, Microsoft, Facebook, Ticketmaster, Snowflake-linked platforms (AT&T, Santander), Oracle Cloud, Yahoo, Adobe, LinkedIn
Identity Theft Risk: High
DATA BREACH
Passwords, Login credentials
16 billion, 184 million, 560 million, 3 billion, 153 million, 117 million
Sensitivity Of Data: High (active logins, PII)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
APRIL 2026
140 Before Incident
MARCH 2026
121 Before Incident
Breach
05 Mar 2026, AT&T
FBI, Verizon, AT&T, U.S. Treasury, Lumen and Windstream: FBI investigating hack on its wiretap and surveillance systems: Report

FBI Network Breach Targets Surveillance Systems

100 After Incident
CRITICAL -21
LUMATTVERFBIWINFIN1772764213
Hackers have reportedly compromised an FBI network used to manage wiretaps and foreign intelligence surveillance warrants, according to a CNN report citing an anonymous source. The breach was confirmed by an FBI spokesperson, who stated that the bureau detected and addressed "suspicious activities" on its systems, though no further details were provided.

The incident marks the latest in a string of high-profile cyberattacks on U.S. government agencies and corporations. Last year, Chinese hackers infiltrated the U.S. Treasury and the National Nuclear Security Administration, while Russian operatives stole sealed court records. Separately, a Chinese state-linked group, Salt Typhoon, breached at least 200 U.S. companies, including major telecommunications providers like AT&T, Verizon, Lumen, Charter Communications, and Windstream.

The FBI has not disclosed the extent of the breach or the identity of the attackers, but the incident underscores ongoing cybersecurity threats to critical U.S. infrastructure.
INCIDENT DETAILS -
TYPE
Network Breach
IMPACT
Data Compromised: Wiretaps and foreign intelligence surveillance warrants
Systems Affected: FBI network managing surveillance systems
DATA BREACH
Type Of Data Compromised: Wiretaps and foreign intelligence surveillance warrants
Sensitivity Of Data: High
MARCH 2026
129 Before Incident
Cyber Attack
01 Mar 2026, AT&T
Federal Bureau of Investigation: FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’

FBI Cyber Incident Linked to Chinese Hackers

120 After Incident
CRITICAL -9
FBI1775075315
FBI Confirms Major Cyber Incident Linked to Chinese Hackers

The FBI recently notified Congress of a significant cyber intrusion under the Federal Information Security Modernization Act (FISMA), marking a rare declaration of a "major incident" involving its own systems. The breach, attributed to sophisticated hackers likely backed by China, compromised sensitive data, including legal surveillance returns (such as pen register and trap-and-trace records) and personally identifiable information tied to FBI investigations.

The attack exploited a commercial internet service provider’s vendor infrastructure, demonstrating advanced tactics. While the exact trigger for the FISMA designation remains unclear, such incidents typically involve the exfiltration of data posing acute risks to national security, foreign relations, or public confidence. Former FBI cyber division official Cynthia Kaiser noted that the bureau has not reported a major incident of this scale since at least 2020, underscoring the severity of the breach.

Pen register and trap-and-trace tools, which track call and internet activity without capturing content, are highly valuable to foreign intelligence services, as they could reveal FBI surveillance targets. The incident appears unrelated to a recent Iranian-linked compromise of FBI Director Kash Patel’s emails but aligns with China’s escalating cyber operations against U.S. national security systems.

Sen. Mark Warner (D-Va.), chair of the Senate Intelligence Committee, described the breach as a stark reminder of China’s growing cyber aggression. Under FISMA, the declaration should trigger an interagency response, though it remains unclear whether containment efforts have been successful. The White House convened a meeting in early March with officials from the FBI, NSA, and CISA to address the breach.

Chinese hackers have increasingly targeted commercial communications providers as entry points into federal networks, with recent campaigns, such as those by groups like Volt Typhoon and Salt Typhoon, compromising critical infrastructure and telecommunications providers, including the theft of call records and FBI wiretap data. While U.S. officials believe the FBI acted swiftly to mitigate the incident, the breach highlights persistent vulnerabilities in even the most secure systems. The attack serves as a reminder of the relentless threat posed by state-backed cyber adversaries.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Espionage, national security compromise
IMPACT
Data Compromised: Legal surveillance returns (pen register and trap-and-trace records), personally identifiable information tied to FBI investigations
Systems Affected: FBI systems
Operational Impact: Compromise of sensitive surveillance data
Brand Reputation Impact: Potential erosion of public confidence
Identity Theft Risk: High (personally identifiable information exposed)
DATA BREACH
Legal surveillance data, Personally identifiable information
Sensitivity Of Data: High (national security implications)
Data Exfiltration: Likely (implied by 'exfiltration of data posing acute risks')
Personally Identifiable Information: Yes
FEBRUARY 2026
134 Before Incident
Cyber Attack
17 Feb 2026, AT&T
AT&T, Verizon and Federal Bureau of Investigation: FBI is Investigating the ‘Sophisticated’ Hack of Its Surveillance System

FBI Investigates Sophisticated Breach of Surveillance System Holding Sensitive Law Enforcement Data

125 After Incident
CRITICAL -9
FBIATTVER1772836650
The FBI, alongside agencies including CISA and the NSA, is probing a cyber intrusion into the Digital Collection System Network (DCSNet), an unclassified but highly sensitive surveillance platform used to store law enforcement data. The breach was first detected on February 17, with the FBI notifying Congress this week after identifying unusual activity linked to the system.

DCSNet contains legal process returns (such as pen register and trap-and-trace data) along with personally identifiable information (PII) on subjects of FBI investigations. Pen registers, which log dialed phone numbers, were among the compromised records. The attacker employed advanced techniques, including leveraging a commercial ISP’s infrastructure, to bypass security controls, a tactic increasingly used by nation-state threat actors.

While the FBI has not disclosed the attacker’s identity, the incident aligns with recent campaigns by Chinese and Russian hacking groups, which have targeted U.S. government and telecom networks via ISP compromises. Notably, China-linked group Salt Typhoon breached major telecom providers including Verizon, AT&T, and Lumen Technologies in 2024, raising concerns about supply-chain infiltration.

The breach occurs amid heightened cyber tensions, including Iran-backed hacking activity following U.S.-Israeli airstrikes on February 28. However, most Iranian cyber operations have focused on Middle Eastern and European targets rather than the U.S. The investigation also unfolds against a backdrop of staffing cuts at key cybersecurity agencies, with the FBI dismissing nearly two dozen employees (many in cyber and counterintelligence roles) just days before the Iran strikes.

Security experts warn the breach underscores the risks of institutional knowledge loss. Damon Small of Xcape described the incident as a "catastrophic vulnerability window" created by the departure of experienced defenders, leaving critical systems exposed. The FBI has not released further details, but the involvement of the White House, NSA, and Justice Department signals the severity of the compromise.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Espionage
IMPACT
Data Compromised: Pen register and trap-and-trace data, personally identifiable information (PII)
Systems Affected: Digital Collection System Network (DCSNet)
Operational Impact: Compromise of sensitive law enforcement surveillance data
Brand Reputation Impact: High
Identity Theft Risk: High
DATA BREACH
Pen register data, Trap-and-trace data, Personally identifiable information (PII)
Sensitivity Of Data: High
Personally Identifiable Information: Yes
FEBRUARY 2026
176 Before Incident
Breach
02 Feb 2026, AT&T
AT&T: AT&T breach data resurfaces with new risks for customers

AT&T Customer Data Resurfaces in Massive Compilation, Heightening Identity Theft Risks

129 After Incident
CRITICAL -47
ATT1770123242
A newly disclosed dataset linked to AT&T contains a staggering 176 million records, exposing sensitive customer information that significantly amplifies the threat of identity theft and fraud. The data, privately circulated since February 2, 2026, appears to be a compilation of records gathered over time, rather than the result of a single breach.

The dataset includes highly detailed profiles, with:

- 148 million Social Security numbers (full and partial)
- 133 million full names and street addresses
- 132 million phone numbers
- 75 million dates of birth
- 131 million email addresses

Unlike fragmented leaks, this collection provides cybercriminals with a comprehensive toolkit for targeted attacks. The combination of personally identifiable information (PII) enables sophisticated phishing campaigns, SIM-swap fraud, and account takeovers, as attackers can impersonate victims with precise details. Financial institutions and mobile carriers often rely on this exact data for identity verification, making the dataset particularly dangerous.

The incident underscores how breach data evolves over time: aggregated, refined, and repurposed for criminal use. While the exact origin of the records remains unclear, the breadth and depth of the information make it a prime resource for long-term fraud, including credit fraud and tax return scams.

AT&T customers, past or present, are advised to remain vigilant against suspicious communications and monitor financial accounts for unauthorized activity. The dataset’s circulation highlights the persistent risks of historical breaches, where old data resurfaces with renewed potency.
INCIDENT DETAILS -
TYPE
Data Compilation/Leak
MOTIVATION
Financial Gain (Identity Theft/Fraud)
IMPACT
Data Compromised: 176 million records
Brand Reputation Impact: High
Identity Theft Risk: High
DATA BREACH
Social Security numbers (full and partial), Full names and street addresses, Phone numbers, Dates of birth, Email addresses
Number Of Records Exposed: 176 million
Sensitivity Of Data: High
Personally Identifiable Information: Yes
JANUARY 2026
198 Before Incident
DECEMBER 2025
202 Before Incident
Breach
02 Dec 2025, AT&T
AT&T Data Breach Settlement Eligibility: Customers Have Two Weeks Left To Claim Up To $7,500

AT&T Data Breaches Settlement

151 After Incident
CRITICAL -51
ATT1764635319
Millions of AT&T customers may be entitled to receive up to $7,500 after the company was ordered to pay $177 million in a settlement related to two major data breaches. The deadline to submit claims has been extended to December 18, 2025, giving customers additional time to apply.
INCIDENT DETAILS -
TYPE
Data Breach, Settlement
IMPACT
Financial Loss: $177 million (settlement amount)
Brand Reputation Impact: Potential negative impact due to data breaches and settlement
Legal Liabilities: $177 million settlement
Identity Theft Risk: Likely (given customer data exposure)
DATA BREACH
Personally Identifiable Information: Likely (given settlement context)
NOVEMBER 2025
247 Before Incident
Breach
16 Nov 2025, AT&T
AT&T

AT&T Data Breach Settlement

196 After Incident
CRITICAL -51
ATT3032030111625
AT&T is facing a $177 million class-action settlement following two alleged data breaches where sensitive customer data was exposed and released on the dark web. The breach involved highly sensitive personal information, including financial details, Social Security numbers, and other critical customer data. The leaked data poses significant risks, such as identity theft, financial fraud, and long-term reputational damage for affected individuals. Customers were advised to change passwords, enable two-factor authentication (2FA), monitor financial transactions, and consider freezing their credit to mitigate potential misuse. The breach underscores the severe consequences of unauthorized access to customer data, particularly when such information is traded or exploited on illicit platforms like the dark web.
INCIDENT DETAILS -
TYPE
Data Breach, Class Action Settlement
MOTIVATION
Financial Gain, Data Theft
IMPACT
Financial Loss: $177 million (settlement amount)
Brand Reputation Impact: High (due to public disclosure and settlement)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (SSNs and financial data exposed)
Payment Information Risk: High (financial data compromised)
DATA BREACH
Personally Identifiable Information (PII), Social Security Numbers (SSNs), Financial Data, Email Addresses, Phone Numbers, Medical Information (potential)
Sensitivity Of Data: High (includes SSNs, financial data)
OCTOBER 2025
241 Before Incident
SEPTEMBER 2025
253 Before Incident
AUGUST 2025
242 Before Incident
JULY 2025
230 Before Incident
MAY 2025
206 Before Incident
Breach
01 May 2025, AT&T
AT&T

AT&T Data Breach Settlement for Two Cyber Incidents

169 After Incident
CRITICAL -37
ATT0092600102125
AT&T experienced two distinct cyber incidents leading to a $177 million settlement. The first breach exposed sensitive personal data of customers, while the second involved call and text logs tied to the Snowflake ecosystem. Affected individuals—current or past customers—may qualify for up to $7,500 in compensation, split between two funds: $149M for compromised personal data and $28M for exposed communication logs. Claims require documentation of out-of-pocket losses (e.g., fraud fees, identity protection costs, ID replacement). The breach enabled risks like identity theft, phishing, and account takeovers, with telecom data (merging identity and call/text details) being highly sensitive. The extended filing deadline allows more victims to submit claims, but payments depend on claim volume and strength. The settlement underscores the financial and reputational fallout from large-scale data exposures in the telecom sector.
INCIDENT DETAILS -
TYPE
Data Breach, Unauthorized Access
IMPACT
Financial Loss: Up to $7,500 per affected customer (settlement payouts)
Personal data (e.g., names, contact info), Call and text logs
Revenue Loss: $177 million (settlement cost)
Brand Reputation Impact: High (due to sensitive telecom data exposure and regulatory scrutiny)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (potential for account takeovers, phishing, and identity theft)
DATA BREACH
Personal data (e.g., names, contact info), Call and text logs
Sensitivity Of Data: High (telecom data linked to identity theft risks)
Data Exfiltration: Yes (confirmed in both incidents)
Personally Identifiable Information: Yes
JANUARY 2025
190 Before Incident
Breach
01 Jan 2025, AT&T
AT&T

Salt Typhoon Hacking Campaign

157 After Incident
CRITICAL -33
ATT000011825
The 'Salt Typhoon' hacking campaign compromised AT&T's telecommunications network, allowing unauthorized access to Americans’ phone calls, text messages, and law enforcement wiretap systems. This blatant exploitation of cybersecurity vulnerabilities led to severe consequences, exposing the personal and operational data to potential misuse by nation-state actors. The aftermath of the breach has prompted regulatory proposals to implement basic cyber defenses and enforce cyber risk-management planning to prevent such extensive breaches in the future. This incident highlights the stark need for higher cybersecurity standards within critical infrastructure sectors.
INCIDENT DETAILS -
TYPE
Hacking Campaign
IMPACT
phone calls, text messages, law enforcement wiretap systems
DATA BREACH
phone calls, text messages, law enforcement wiretap systems
DECEMBER 2024
259 Before Incident
Breach
18 Dec 2024, AT&T
Don’t wait: Deadline to claim up to $7,500 in AT&T settlement is 2 weeks away. Do you qualify?

AT&T Data Breach Settlement

185 After Incident
CRITICAL -74
ATT1764781901
AT&T deadline to file in part of a $177 million settlement is fast approaching. AP

The deadline to file a claim in the massive $177 million AT&T data breach settlement is approaching fast. Eligible customers have about two weeks left to submit their claims before the Dec. 18 cutoff. The settlement stems from two AT&T data breaches in 2024, which occurred just months apart and exposed personal information for millions of current and former customers.

What happened

The first breach, in March 2024, leaked addresses, dates of birth, billing account numbers, passcodes, and Social Security numbers belonging to 7.6 million current and 65.4 million former AT&T customers. According to the settlement website, this information was released on the dark web. The second breach, in July 2024, exposed call and text records for about 110 million customers between 2022 and 2023. These records were “illegally downloaded from our workspace on a third-party cloud platform,” the settlement states. Multiple lawsuits followed, later consolidated and resolved with a settlement in the U.S. Northern District Court of Texas.

How much money could you receive?

Customers affected by either breach can file a claim, but payouts vary depending on which incident impacted them. Those affected by both breaches may qualify for up to $7,500. For those involved in the first breach, class members receive up to $5,000 if they can show the losses are “fairly traceable to the AT&T 1 Data Incident.” Remaini
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: $177 million settlement
Data Compromised: Personal information, call and text records
Systems Affected: Third-party cloud platform workspace
Brand Reputation Impact: Significant
Legal Liabilities: Multiple lawsuits consolidated into settlement
Identity Theft Risk: High
DATA BREACH
Personal information, Call and text records
Number Of Records Exposed: 73 million (first breach), 110 million (second breach)
Sensitivity Of Data: High (SSNs, passcodes, billing details, call/text records)
Data Exfiltration: Yes (dark web release)
Addresses, Dates of birth, Social Security numbers, Passcodes, Billing account numbers
NOVEMBER 2024
275 Before Incident
Breach
01 Nov 2024, AT&T
Snowflake

Snowflake Data Breach

242 After Incident
CRITICAL -33
SNO000110624
For much of the summer, Snowflake, a cloud data storage provider, was targeted by a series of data breaches affecting over 165 customers, exposing hundreds of millions of records. These customers included large corporations such as AT&T, Santander, and Live Nation Entertainment. Despite the breach's extensive reach, Snowflake has since implemented mandatory multifactor authentication. The disruptions caused by these incidents highlight the importance of robust cybersecurity practices.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
hundreds of millions of records
DATA BREACH
Number Of Records Exposed: hundreds of millions
JULY 2024
298 Before Incident
Breach
01 Jul 2024, AT&T
AT&T

AT&T Data Breach Settlement (2024)

231 After Incident
CRITICAL -67
ATT4392343111325
AT&T suffered two major data breaches in March and July 2024, exposing sensitive customer information. The March breach leaked Social Security numbers, birthdates, addresses, email IDs, phone numbers, billing account numbers, passcodes, and other personal data on the dark web. The July breach exposed phone numbers, call logs, interaction counts, call frequencies, and cell site IDs. Millions of users were affected, with some experiencing identity theft risks, financial fraud, and reputational harm. AT&T agreed to a $177 million settlement, offering victims up to $7,500 in compensation, depending on the extent of data exposure. The breaches led to legal action, financial losses for customers, and long-term trust erosion in the company’s cybersecurity measures.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: $177 million (settlement amount)
Social Security numbers, Birthdates, Names, Addresses, Email IDs, Phone numbers, Billing account numbers, Account passcodes, Call logs, Interaction counts, Call frequencies, Cell site IDs
Customer Complaints: Millions of affected customers
Brand Reputation Impact: Significant (class-action settlement, public disclosure)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (SSNs, PII exposed)
Payment Information Risk: Moderate (billing account numbers exposed)
DATA BREACH
Personally Identifiable Information (PII), Financial Data (billing account numbers), Telecom Metadata (call logs, cell site IDs)
Number Of Records Exposed: Millions
Sensitivity Of Data: High (SSNs, PII, account credentials)
Data Exfiltration: Yes (data appeared on dark web)
Social Security numbers, Names, Addresses, Birthdates, Email IDs, Phone numbers, Account passcodes
JUNE 2024
344 Before Incident
Breach
16 Jun 2024, AT&T
AT&T

AT&T Data Breaches Settlement (2024)

293 After Incident
CRITICAL -51
ATT0893608111425
AT&T faced two major data breaches in 2024 (March and July), exposing millions of customers' personal information, including Social Security numbers, birthdates, and phone records. The March incident involved leaked AT&T-specific fields on the dark web, while the July breach saw cybercriminals illegally download limited customer data. The breaches left customers vulnerable to identity theft and fraud, leading to a $177 million settlement—one of the largest in the telecom sector. The settlement covers current and former customers, offering compensation (up to $7,500 per person), free credit monitoring, and identity theft protection. AT&T denied wrongdoing but agreed to the settlement to avoid litigation, while committing to enhanced security measures like improved encryption and monitoring. The case highlights systemic vulnerabilities in telecom security, with regulatory bodies like the FCC and FTC likely to impose stricter breach notification rules and penalties.
INCIDENT DETAILS -
TYPE
Data Breach, Class-Action Settlement
IMPACT
Financial Loss: $177 million (settlement amount)
Social Security numbers, Birthdates, Phone records, AT&T-specific fields (March breach), Phone numbers (July breach)
Brand Reputation Impact: Significant; public scrutiny and loss of trust
Legal Liabilities: Multidistrict litigation consolidated under Judge Ada E. Brown; one of the largest telecom-related settlements in recent years
Identity Theft Risk: High; exposed data includes sensitive PII vulnerable to identity theft and fraud
DATA BREACH
Personally Identifiable Information (PII), Social Security numbers, Birthdates, Phone records, Phone numbers
Number Of Records Exposed: Millions (nearly all of AT&T’s customer base)
Sensitivity Of Data: High (includes SSNs and other PII)
Data Exfiltration: Yes (data leaked on dark web in March; illegally downloaded in July)
Data Encryption: Likely inadequate (as part of outdated security protocols)
Personally Identifiable Information: Yes (SSNs, birthdates, phone records, etc.)
APRIL 2024
392 Before Incident
Breach
01 Apr 2024, AT&T
Less Than 2 Weeks Left: How to Claim Up to $7,500 From AT&T's $177 Million Data Breach Settlement

AT&T Data Breaches Settlement (2019 & 2024)

320 After Incident
CRITICAL -72
ATT1765044347
Were you caught up in either of the two AT&T data breaches from 2019 or 2024? If so, you might be eligible for part of a $177 million settlement.

According to court documents, the settlement fund consists of $149 million to address a major data leak in 2019, which allowed cybercriminals to exploit the data of former and existing subscribers for years. Last March, AT&T finally confirmed the breach, sparking a wave of class-action lawsuits alleging the company had failed to safeguard the data of 51 million users, including their names, Social Security numbers, and dates of birth.

The remaining $28 million is meant to address a second incident involving a hacker breaching AT&T’s account with cloud storage provider Snowflake in April 2024. This enabled the cybercriminal to access call and text records for nearly all customers. Another round of class-action lawsuits followed, alleging corporate neglect. However, AT&T said no customer names were included in the stolen information. Law enforcement also arrested the two alleged hackers involved in the breach.

How to Get Your Share of the AT&T Settlement Payouts

You're eligible for a payout if your data was compromised in one or both of the two data brea
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain
Data exploitation
IMPACT
Financial Loss: $177 million settlement
Personal data (names, SSNs, DOBs)
Call and text records
Customer database
Cloud storage (Snowflake)
Brand Reputation Impact: Class-action lawsuits alleging corporate neglect
Legal Liabilities: Class-action lawsuits, regulatory fines
Identity Theft Risk: High (SSNs, DOBs exposed)
DATA BREACH
Personal data (names, SSNs, DOBs)
Call and text records
Number Of Records Exposed: 51 million (2019), nearly all customers (2024)
Sensitivity Of Data: High (SSNs, DOBs)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (SSNs, DOBs)
MARCH 2024
459 Before Incident
Breach
30 Mar 2024 AT&T
AT&T

AT&T 2024 Data Breaches Settlement

392 After Incident
CRITICAL -67
ATT1803418111425
In 2024, AT&T suffered two major data breaches exposing highly sensitive customer information. The first breach (March 30, 2024) leaked names, addresses, phone numbers, email addresses, dates of birth, account passcodes, billing numbers, and Social Security numbers (SSNs) on the dark web, enabling identity theft and financial fraud risks. The second breach (July 12, 2024) involved unauthorized access to telephone numbers, call records, interaction frequencies, and cell site identification numbers via a third-party cloud platform. Some customers were affected by both incidents, with potential payouts reaching $7,500 per victim ($5,000 for SSN exposure, $2,500 for call data leaks). AT&T agreed to a $177 million settlement, one of the largest in telecom history, acknowledging the severity of the data exposure and its long-term risks, including fraud, reputational damage, and legal liabilities. The breaches impacted millions of current and former customers, with claims requiring documentation of losses. Final payouts depend on the total number of valid claims, with distribution expected in early 2026 post-court approval.
INCIDENT DETAILS -
TYPE
Data Breach
Unauthorized Data Access
IMPACT
Financial Loss: $177 million (settlement fund)
Names
Addresses
Phone numbers
Email addresses
Dates of birth
Account passcodes
Billing numbers
Social Security numbers (SSNs)
Call records (telephone numbers interacted with, call frequency, cell site identification numbers)
AT&T customer databases
Third-party cloud platform (July 2024 breach)
Customer Complaints: Class action lawsuits consolidated in federal court
Brand Reputation Impact: Significant; one of the largest payouts in telecom history, reflecting severe public and legal scrutiny
Legal Liabilities: $177 million settlement, class action lawsuits
Identity Theft Risk: High (due to exposure of SSNs and personal data)
Payment Information Risk: Moderate (billing numbers exposed)
DATA BREACH
Personally Identifiable Information (PII)
Call records and metadata
Number Of Records Exposed: Millions (exact number unspecified)
Sensitivity Of Data: High (includes SSNs, call records, and account details)
Data Exfiltration: Yes (data appeared on the dark web in March 2024; call records downloaded in July 2024)
Names
Addresses
Phone numbers
Email addresses
Dates of birth
Account passcodes
Social Security numbers (SSNs)
JANUARY 2024
527 Before Incident
Breach
01 Jan 2024 AT&T
There Are Only 2 Weeks Remaining to Claim a Share of the Massive AT&T $177 Million Settlement

AT&T Data Breaches Settlement

457 After Incident
CRITICAL -70
ATT1764820523
AT&T might owe you $7,500 for that data breach mess. Here's how to get paid.

Millions of AT&T customers were horrified in 2024 to discover that their personal information had been exposed in a pair of serious data breaches. Following a court case, the company has been ordered to pay $177 million in a substantial settlement. If you're an affected customer, you may be eligible for compensation of up to $7,500.

For all the procrastinators out there, a court just extended the deadline. You now have until Dec. 18, 2025, to submit your claim. That means you only have two weeks left.

If you were affected by one or even both of the breaches, you're eligible for a payout. But this could be your final notice. The deadline is firm, and you don't want to miss this opportunity. Here's everything you need to know about how to file your claim and how much cash you could get.

What were these data breaches at AT&T?

The two data breaches related to AT&T's current $177 million settlement occurred in 2019 and 2024, although the company didn't acknowledge the 2019 breach until March 2024, weeks after it detected customer data spreading on the dark web. The 2019 breach involved personal data, including Social Security numbers, birth dates and legal names, and it affected 7.6 million current AT&T customers and 65.4 million former account holders. Soon after the discl
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: $177 million settlement
Data Compromised: Personal information including Social Security numbers, birth dates, and legal names
Brand Reputation Impact: Yes
Legal Liabilities: Yes
Identity Theft Risk: Yes
DATA BREACH
Social Security numbers
Birth dates
Legal names
Number Of Records Exposed: 73 million
Sensitivity Of Data: High
Data Exfiltration: Yes (dark web)
Personally Identifiable Information: Yes
MAY 2023
492 Before Incident
Breach
17 May 2023 AT&T
AT&T

AT&T Data Breach

479 After Incident
CRITICAL -13
ATT252072925
The Vermont Office of the Attorney General reported a data breach involving AT&T on July 13, 2023. The breach occurred on or about May 17, 2023, and involved the retention of Personally Identifiable Information (PII) without authorization, including names, addresses, and Social Security numbers. The number of affected individuals is unknown.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
names
addresses
Social Security numbers
DATA BREACH
PII
Sensitivity Of Data: High
names
addresses
Social Security numbers
JANUARY 2023
507 Before Incident
Breach
01 Jan 2023 AT&T
AT&T

AT&T Data Breach Incident

462 After Incident
CRITICAL -45
ATT41910723
AT&T suffered a data breach after a vendor hack that exposed the data of 9 million customers. The information did not contain credit card information, Social Security numbers, account passwords or other sensitive personal information. The compromised data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. Customer Exclusive Network According to AT&T, information from some wireless accounts, such as the number of lines on an account or wireless rate plan, was made public.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
customer first names
wireless account numbers
wireless phone numbers
email addresses
number of lines on an account
wireless rate plan
DATA BREACH
customer first names
wireless account numbers
wireless phone numbers
email addresses
number of lines on an account
wireless rate plan
Number Of Records Exposed: 9 million
Sensitivity Of Data: Low
customer first names
wireless phone numbers
email addresses
OCTOBER 2022
534 Before Incident
Breach
01 Oct 2022 AT&T
AT&T

AT&T Data Breaches (March & July 2024)

507 After Incident
CRITICAL -27
ATT4692046101025
On March 30, 2024, AT&T disclosed a massive data breach exposing 73 million accounts (7.6M current + 65.4M former customers). Hackers leaked dark web datasets containing Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers—highly sensitive personal and financial data. A second breach on July 12, 2024, involved hackers downloading call and text records (excluding content) of nearly all AT&T cellular, MVNO, and landline customers from a third-party cloud platform (May–Oct 2022). While no PII was exposed in the second incident, the first breach’s scale and sensitivity triggered federal investigations, national security concerns (FBI/DOJ delays), and a $177M class-action settlement (up to $7,500 per victim). The breaches prompted state/federal lawsuits, regulatory scrutiny, and reputational damage, with AT&T facing customer churn risks and operational disruptions from incident response.
INCIDENT DETAILS -
TYPE
Data Breach
Unauthorized Data Access
IMPACT
Addresses
Social Security Numbers
Birthdates
Passcodes
Billing Numbers
Phone Numbers
Call/Text Metadata (May 1, 2022 – Oct 31, 2022)
Customer Databases
Third-Party Cloud Platform
Brand Reputation Impact: High (Class-action lawsuits, regulatory scrutiny)
Legal Liabilities: $177M settlement (pending court approval)
Identity Theft Risk: High (SSNs, PII exposed)
Payment Information Risk: Low (No payment card data confirmed)
DATA BREACH
Personally Identifiable Information (PII)
Call/Text Metadata
73,000,000 (March 2024)
'Nearly all' cellular customers (July 2024)
Sensitivity Of Data: High (SSNs, PII)
Data Exfiltration: Yes (Dark web leak; third-party cloud download)
Social Security Numbers
Addresses
Birthdates
Phone Numbers
AUGUST 2022
537 Before Incident
Cyber Attack
01 Aug 2022 AT&T
AT&T

Data Breach of AT&T Customer Information

523 After Incident
CRITICAL -14
ATT2145281022
A cybersecurity firm intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. It corresponds to current and former customers of AT&T. It intercepted a 1.6 gigabyte compressed file on a popular dark web file-sharing site. The largest item in the archive is a 3.6 gigabyte file called “dbfull,” and it contains 28.5 million records, including 22.8 million unique email addresses and 23 million unique SSNs. There are no passwords in the database. AT&T Internet is offered in 21 states and nearly all of the records in the database that contain a state designation corresponded to those 21 states; all other states made up just 1.64 percent of the records. The vast majority of records in this database belong to consumers, but almost 13,000 of the entries are for corporate entities.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
names
addresses
email addresses
phone numbers
Social Security Numbers
dates of birth
DATA BREACH
names
addresses
email addresses
phone numbers
Social Security Numbers
dates of birth
Number Of Records Exposed: 28.5 million
Sensitivity Of Data: High
Data Exfiltration: Yes
dbfull
Personally Identifiable Information: Yes
JUNE 2022
602 Before Incident
Breach
16 Jun 2022 AT&T
AT&T

AT&T Data Breaches Settlement for 72.6 Million Customers

529 After Incident
CRITICAL -73
ATT4065240090625
AT&T is settling two major data breaches affecting 72.6 million customers (7.6M current + 65M former) and additional subscribers whose call/text records were compromised. The first breach (March 2024) exposed highly sensitive data—including Social Security numbers, birthdates, addresses, passcodes, and billing details—on the dark web. The second breach (disclosed July 2024) involved hackers infiltrating a cloud platform to steal six months of call/text metadata (2022), including phone numbers, call durations, and cell site information. Victims with documented financial losses can claim up to $5,000 (first breach), $2,500 (second breach), or $7,500 (both). AT&T denies wrongdoing but agreed to a $177M settlement to avoid litigation. The breaches triggered class-action lawsuits, with payouts expected post-December 2024 court approval. Customers received emails from [email protected] with claim deadlines set for November 18, 2024.
INCIDENT DETAILS -
TYPE
Data Breach
Unauthorized Access
Cloud Security Incident
IMPACT
Financial Loss: $177 million (settlement funds: $149M + $28M)
Social Security Numbers (SSNs)
Birthdates
Phone Numbers
Addresses
Billing Numbers
Passcodes
Call Records (phone numbers, aggregate call duration, cell site details)
Customer Databases (First Breach)
Cloud Platform (Second Breach)
Customer Complaints: Expected (class-action lawsuits filed)
Brand Reputation Impact: Moderate to High (public disclosure, settlements, and potential loss of customer trust)
Legal Liabilities: Class-action lawsuits settled; AT&T denies wrongdoing but agreed to payouts to avoid litigation
Identity Theft Risk: High (SSNs and personal data exposed in first breach)
Payment Information Risk: Moderate (billing numbers and passcodes exposed)
DATA BREACH
Personally Identifiable Information (PII)
Call Records
Telecommunications Metadata
Number Of Records Exposed: 72.6 million (first breach) + unspecified (second breach, 6 months of call/text data in 2022)
Sensitivity Of Data: High (SSNs, passcodes, call records)
Data Exfiltration: Yes (dark web leak for first breach; cloud platform access for second breach)
Personally Identifiable Information: Yes (SSNs, birthdates, addresses, phone numbers)
MAY 2022
668 Before Incident
Breach
01 May 2022 AT&T
AT&T

AT&T Data Breaches (March & July 2024)

596 After Incident
CRITICAL -72
ATT5202352111325
AT&T experienced two major data breaches in 2024. The first, announced on March 30, 2024, exposed 73 million accounts (7.6M current, 65.4M former customers), leaking Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers on the dark web. The second, disclosed on July 12, 2024, involved hackers downloading call and text records (excluding content) of nearly all cellular customers and landline interactions from May 1, 2022 – October 31, 2022 via a third-party cloud platform. While no PII (e.g., SSNs) was compromised in the second breach, federal agencies (FBI, DOJ) delayed public disclosure due to national security risks. AT&T settled lawsuits for $177 million, with affected customers eligible for up to $7,500 in compensation. The breaches triggered class-action lawsuits, regulatory scrutiny, and reputational damage, though no evidence suggested public exposure of the second breach’s data.
INCIDENT DETAILS -
TYPE
Data Breach
Unauthorized Data Access
IMPACT
Financial Loss: $177 million (settlement total)
Addresses
Social Security numbers
Birthdates
Passcodes
Billing numbers
Phone numbers
Call records (metadata)
Text records (metadata)
Customer databases (First Breach)
Third-party cloud platform (Second Breach)
Customer Complaints: Multiple state/federal lawsuits filed
Brand Reputation Impact: Significant (class-action lawsuits, regulatory scrutiny)
Legal Liabilities: $177 million settlement (pending court approval)
Identity Theft Risk: High (for first breach, due to SSN exposure)
Payment Information Risk: Moderate (billing numbers exposed in first breach)
DATA BREACH
Personally Identifiable Information (PII)
Telecommunications Metadata
~73 million (first breach)
'Nearly all' cellular customers (second breach)
Sensitivity Of Data: High (SSNs, passcodes in first breach; call/text metadata in second)
Data Exfiltration: Yes (dark web dataset in first breach; third-party cloud in second)
Social Security numbers
Addresses
Birthdates
Phone numbers
JUNE 2021
705 Before Incident
Ransomware
16 Jun 2021 AT&T
AT&T

AT&T Careers Data Leak by Everest Ransomware Group

632 After Incident
CRITICAL -73
ATT2192021102425
The Everest ransomware group claimed to have stolen 576,686 personal records from AT&T Careers, the telecom giant’s official job and recruitment platform. The leaked data reportedly includes applicant and employee records, such as resumes, career-related information, and potentially sensitive personal details. The group posted the listing on its dark web leak site on October 21, with a four-day countdown before public release, restricting access behind a password. While AT&T has not confirmed the breach, the incident follows prior high-profile breaches, including a 2021 ShinyHunters attack (70M customer records) and a 2025 leak (86M decrypted SSNs). The Everest group, known for extorting corporations, has previously targeted companies like Coca-Cola and Mailchimp. The breach raises concerns over employee data security, potential phishing risks, and AT&T’s cybersecurity posture, especially if third-party vendors were involved. Affected individuals are advised to reset passwords, enable MFA, and monitor financial/credit activity for signs of misuse.
INCIDENT DETAILS -
TYPE
data breach
ransomware extortion
MOTIVATION
financial extortion
data theft
IMPACT
personal records (576,686)
potential recruitment/applicant/employee data
AT&T Careers platform (job and recruitment portal)
Brand Reputation Impact: Potential reputational damage due to repeated breaches and lack of immediate public response
Identity Theft Risk: High (if records include PII like resumes, contact details, or SSNs)
DATA BREACH
personal records
recruitment data
applicant/employee information
Number Of Records Exposed: 576,686
Sensitivity Of Data: High (potentially includes resumes, PII, career-related documents)
Data Exfiltration: Claimed by Everest ransomware group
Personally Identifiable Information: Likely (e.g., names, contact details, resumes, possibly SSNs)
JANUARY 2020
688 Before Incident
Breach
01 Jan 2020 AT&T
Ticketmaster, Microsoft, Cisco, Google, AT&T, McDonald’s, Princeton, Disney/Hulu, Instructure and Harvard: Lessons from the Canvas cyberattack

ShinyHunters Hacking Group Targets Major Organizations, Including Education Sector

654 After Incident
CRITICAL -34
TICHARATTPRIMCDTHEGOOCISINSMIC1780482275
The cybercriminal group ShinyHunters, named after the rare "Shiny" Pokémon sought after by players, has emerged as a significant threat since 2020. According to threat intelligence from Ransomware.live, the group has compromised 104 victims across 14 countries, stealing trillions of records. The majority of attacks (73 incidents) have targeted U.S.-based organizations, including high-profile names such as Microsoft, Ticketmaster, Google, Cisco, AT&T, McDonald’s, Disney/Hulu, Harvard, and Princeton.

One of the group’s most disruptive attacks involved Instructure’s Canvas Learning Management System (LMS), which serves educational institutions. The breach exploited a vulnerability in the Free for Teacher environment, a no-cost version of Canvas that allows independent educators to manage classes. Following the attack, Instructure temporarily disabled the service while conducting a security review.

The incident highlights broader risks posed by centralized digital ecosystems and third-party dependencies, demonstrating how modern extortion operations can disrupt critical sectors even beyond education. While technical details remain limited, the attack underscores the growing threat of sophisticated cybercriminal groups targeting both corporate and institutional infrastructure.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Data Theft, Extortion
IMPACT
Data Compromised: Trillions of records
Systems Affected: Canvas Learning Management System (LMS)
Downtime: Temporary service disruption
Operational Impact: Service disabled during security review
DATA BREACH
Type Of Data Compromised: Records (unspecified)
Number Of Records Exposed: Trillions
JUNE 2019
794 Before Incident
Breach
16 Jun 2019 AT&T
AT&T

AT&T Data Breaches (2019 & 2024)

669 After Incident
CRITICAL -125
ATT3362133100925
AT&T suffered two massive data breaches in 2019 and 2024, compromising nearly 200 million people combined. The 2019 breach exposed Social Security numbers, birth dates, and legal names of 7.6 million current and 65.4 million former customers, discovered only in 2024 when data surfaced on the dark web. The 2024 breach involved hackers (linked to ShinyHunters) accessing phone records of ~109 million customers from AT&T’s Snowflake cloud warehouse, containing call and text metadata. Both breaches led to a $177 million class-action settlement, with payouts up to $5,000 (2019 victims with documented losses) and $2,500 (2024 victims with proof). The breaches triggered password resets for all affected users, legal action against two arrested hackers, and consolidated lawsuits. The 2019 incident received $149 million in settlements, while the 2024 Snowflake breach got $28 million.
INCIDENT DETAILS -
TYPE
Data Breach (2019)
Data Breach via Third-Party (Snowflake, 2024)
MOTIVATION
Likely financial (data sold on dark web)
Financial (data exfiltration for sale or ransom)
IMPACT
Financial Loss: $177 million (settlement payout: $149M for 2019 breach, $28M for 2024 breach)
73 million records (7.6M current + 65.4M former customers)
109 million records (phone records from 2022)
AT&T customer databases
Snowflake cloud data warehouse
Password resets for 7.6M current customers (2019)
Legal and settlement administration overhead
Customer Complaints: Multiple lawsuits consolidated into class action
Brand Reputation Impact: Significant (one of the largest breaches in history; public distrust)
Legal Liabilities: $177 million settlement + potential regulatory fines
High (SSNs, birth dates, legal names exposed)
Moderate (phone records, call logs)
DATA BREACH
PII (Social Security numbers, birth dates, legal names)
Phone records (call logs, metadata from 2022)
73,000,000
109,000,000
High (SSNs, full names, birth dates)
Moderate (phone records, no financial data)
Yes (data found on dark web)
Yes (accessed via Snowflake)
Database records (structured)
Call detail records (CDRs), logs
Yes (SSNs, names, birth dates)
Indirect (phone numbers, call metadata)
JUNE 2015
784 Before Incident
Breach
16 Jun 2015 AT&T
AT&T

AT&T Data Breach Settlement (2015–2023)

676 After Incident
CRITICAL -108
ATT2892228093025
AT&T faced a significant data breach that exposed sensitive customer information, including names, addresses, and call records, spanning from 2015 to 2023. The breach led to a $177 million settlement, with affected customers eligible for compensation ranging from hundreds to up to $7,500. The exposed data, while not explicitly including financial or highly sensitive personal details like Social Security numbers, still posed substantial privacy risks. Customers were required to file claims via a dedicated settlement website by November 18, 2024, to receive compensation. The breach underscored vulnerabilities in AT&T’s data protection measures, prompting legal action and financial repercussions for the company. The incident highlighted the broader risks of long-term data exposure, even if the immediate financial or operational impact on customers was not explicitly detailed in the report.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: $177 million (settlement payout)
Customer names
Addresses
Call records
Brand Reputation Impact: Potential reputational damage due to breach and settlement
Legal Liabilities: $177 million settlement
Identity Theft Risk: Possible (due to exposed PII)
DATA BREACH
Personally Identifiable Information (PII)
Call records
Sensitivity Of Data: High (includes names, addresses, call records)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (names, addresses)
APRIL 2014
728 Before Incident
Breach
09 Apr 2014 AT&T
AT&T Mobility, LLC

AT&T Mobility Data Breach

695 After Incident
CRITICAL -33
ATT444072925
On June 10, 2014, the California Office of the Attorney General reported a data breach involving AT&T Mobility, LLC. The breach occurred between April 9 and April 21, 2014, involving unauthorized access to customer personal identifying information, including Social Security numbers and Customer Proprietary Network Information (CPNI). The exact number of individuals affected is unknown.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Social Security numbers
Customer Proprietary Network Information (CPNI)
DATA BREACH
Social Security numbers
Customer Proprietary Network Information (CPNI)
Sensitivity Of Data: High
Personally Identifiable Information: Yes
FEBRUARY 2014
758 Before Incident
Breach
01 Feb 2014 AT&T
AT&T

AT&T Customer Account Breach

724 After Incident
CRITICAL -34
ATT025072625
The California Office of the Attorney General reported that AT&T experienced unauthorized access to customer accounts between February and July 2014. The breach potentially involved Customer Proprietary Network Information (CPNI), but there is no evidence that Social Security Numbers were compromised. AT&T is offering affected individuals one year of free credit monitoring.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Customer Proprietary Network Information (CPNI)
DATA BREACH
Customer Proprietary Network Information (CPNI)
JANUARY 2013
830 Before Incident
Breach
01 Jan 2013 AT&T
Yahoo, Facebook, Adobe, AT&T, TransUnion and Experian: Data Breach Checker | How to Check If Your Information Was Exposed

Data Breach Checkers: Exposure and Impact Analysis

736 After Incident
CRITICAL -94
ADOMETYAHATTTRAEXP1780770504
Data Breach Checkers: How They Work and Why They Matter

A data breach checker is a tool that scans breach databases, dark web markets, and malware logs to determine whether personal information such as email addresses, passwords, phone numbers, or Social Security numbers (SSNs) has been exposed in a known incident. These tools cross-reference user-provided identifiers (e.g., an email or phone number) against vast datasets of compromised records, revealing exposure events that may have gone unnoticed.

### How Breach Checkers Operate

Most breach checkers use a hashing and matching model: a user submits an identifier (e.g., an email), which is hashed for privacy before being compared against a database of known breaches. The quality of results depends on the tool’s data sources. Basic checkers rely on publicly disclosed breaches, while advanced ones monitor dark web markets, criminal forums, paste sites, and infostealer malware logs, sources that often reveal exposures before they’re formally reported.

Key data sources include:

- Publicly disclosed breaches (e.g., Adobe 2013, Yahoo 2013–2014).
- Dark web intelligence (automated crawlers tracking criminal marketplaces).
- Infostealer logs (credentials harvested by malware from infected devices).

### What Breach Checkers Can (and Can’t) Detect

A breach checker can confirm:

- Whether an identifier (email, phone, username) appeared in a breach.
- The breach’s origin, approximate date, and exposed data categories (e.g., passwords, addresses).

However, a clean result doesn’t guarantee safety. There’s always a lag between a breach, its discovery, and its inclusion in monitoring tools. A one-time check reflects only known exposures at that moment, not future leaks.

### Why Proactive Checks Matter

Breach notifications are slow and unreliable. U.S. laws allow companies 30–90 days to notify affected individuals after discovery, and many breaches are never disclosed at all. By then, stolen data may have circulated on the dark web for months. Proactive checking, using tools that monitor real-time sources, is the only way to detect exposure early.

### How to Check for Exposure

#### Email Addresses

The most commonly exposed identifier. Tools like DeXpose’s Email Data Breach Scan or Have I Been Pwned (HIBP) cross-reference emails against breach databases and dark web sources. If a password is exposed, all accounts using it (or variations) should be updated immediately.

#### Phone Numbers

Harder to track due to inconsistent indexing in breaches. HIBP added phone number checks in 2021, covering datasets like the 2021 Facebook breach (533M records). For broader coverage, dark web monitoring tools scan criminal markets where phone numbers appear.

#### Social Security Numbers (SSNs)

No legitimate tool stores or searches raw SSNs. Instead, checkers like Pentester’s NPD breach tool (for the 2024 National Public Data breach, 2.9B records) verify exposure by matching name, state, and date of birth against known datasets. Additional protections include:

- Credit freezes (prevents new account fraud).
- IRS Identity Protection PIN (blocks fraudulent tax filings).

#### Dark Web Monitoring

Standard search engines can’t access the dark web. Dedicated services (e.g., DeXpose’s Dark Web Report) scan criminal markets, forums, and malware logs, providing source-specific alerts (e.g., whether credentials appeared in a fresh infostealer log vs. an old breach).

#### High-Profile Breach Checks

- AT&T (2024): Two breaches exposed 73M records (including SSNs) and call/text metadata for nearly all wireless customers. Check via [AT&T’s settlement page](https://www.att.com/breach).
- National Public Data (NPD): 2.9B records (names, SSNs, addresses) leaked. Verify exposure at [npd.pentester.com](https://npd.pentester.com).
- TransUnion/Experian: Credit-focused breaches may include credit history and personal identifiers. Freeze credit and monitor reports.

### After a Breach: Immediate Actions

1. Identify exposed data (e.g., passwords, SSNs, financial info).
2. Change passwords on the breached account and any others using the same (or similar) credentials.
3. Enable multi-factor authentication (MFA) on critical accounts (email, banking).
4. Freeze credit with all three bureaus if SSNs or financial data were exposed.
5. Monitor continuously: one-time checks miss future exposures.

### Limitations of Free Tools

While free tools like HIBP or Mozilla Monitor cover historical breaches, they often lack real-time dark web monitoring. Paid services (e.g., DeXpose, Google One Dark Web Report) provide broader coverage, including malware logs and criminal marketplaces.

### Key Takeaways

- Breach checkers reveal hidden exposures but can’t guarantee safety.
- Email checks are the baseline; phone numbers and SSNs require specialized tools.
- Dark web monitoring detects fresh leaks faster than breach notifications.
- Credit freezes and MFA are critical defenses after exposure.
- Continuous monitoring is essential: breaches don’t stop after a single check.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
email addresses
passwords
phone numbers
Social Security numbers (SSNs)
names
addresses
credit history
call/text metadata
personal identifiers
Identity Theft Risk: High
DATA BREACH
email addresses
passwords
phone numbers
Social Security numbers (SSNs)
names
addresses
credit history
call/text metadata
73M (AT&T)
2.9B (NPD)
533M (Facebook)
Sensitivity Of Data: High (PII, financial data, SSNs)
Personally Identifiable Information: Yes (SSNs, names, addresses, phone numbers, email addresses)
Breach
01 Jan 2013 AT&T
IBM and AT&T: Whistleblower Accuses IBM, AT&T of Covering Up Breaches

IBM and AT&T Accused of Covering Up Years-Long Data Breaches by Chinese Hackers

736 After Incident
CRITICAL -94
ATTIBM1780946436
A recently unsealed whistleblower lawsuit alleges that IBM and AT&T concealed multiple data breaches spanning from 2013 to 2016, including attacks attributed to Chinese state-backed hackers. William Barlow, IBM’s former vice president of threat intelligence, claims the company knew of breaches affecting its core network but failed to disclose them to authorities.

The complaint asserts that Chinese threat actor APT 10 may have breached IBM’s systems over 56,000 times during the three-year period. Despite an alert from the Five Eyes intelligence alliance in 2017 prompting an internal investigation, IBM allegedly lacked critical logs to determine the scope of the breaches, a lapse in standard security practices. The lawsuit further states that neither IBM nor AT&T could confirm what data was accessed, altered, or exfiltrated due to poor network design and insufficient logging.

Barlow also alleges that breaches extended to at least two IBM subsidiaries, which were similarly concealed. AT&T, which managed IBM’s network infrastructure, is named in the complaint for its role in the alleged cover-up.

IBM has denied wrongdoing, stating that the complaint, filed six years ago, was reviewed by the U.S. Department of Justice, which declined to intervene. A company spokesperson maintained that IBM’s actions complied with legal requirements. The case highlights long-standing concerns over corporate transparency in cybersecurity incidents involving state-sponsored threat actors.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
State-sponsored espionage
IMPACT
Systems Affected: IBM’s core network, at least two IBM subsidiaries

Frequently Asked Questions

What is the current A.I Rankiteo Cyber Score for AT&T?
What was AT&T's A.I Rankiteo Cyber Score in May 2026?
What was AT&T's A.I Rankiteo Cyber Score in April 2026?
What was AT&T's A.I Rankiteo Cyber Score in March 2026?
What was AT&T's A.I Rankiteo Cyber Score in February 2026?
What was AT&T's A.I Rankiteo Cyber Score in January 2026?
What was AT&T's A.I Rankiteo Cyber Score in December 2025?
What was AT&T's A.I Rankiteo Cyber Score in November 2025?
What was AT&T's A.I Rankiteo Cyber Score in October 2025?
What was AT&T's A.I Rankiteo Cyber Score in September 2025?
What was AT&T's A.I Rankiteo Cyber Score in August 2025?
What was AT&T's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on AT&T's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with AT&T?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view AT&T's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?