AT&T’s Long Awaited Admission: Unveiling a Data Breach Impacting 73 Million Customers Featured
AT&T waited 3 years to finally acknowledge a 2021 data breach after presented with irrefutable proof its systems were compromised.
A class action complaint was filed against telecommunications services giant AT&T after it was leaned that it lost control of the personal data and other sensitive information belonging to more than 73 million customers.
What Happened?
According to the lawsuit, the leaked data first appeared for sale online back in August 2021. At the time AT&T openly refuted the claim stating that no entity had breached its’ systems.
Fast forward to March 2024 when TechCrunch reports that AT&T began a mass reset of customer passcodes after the publication informed the telecom giant on March 25, 2024 that the leaked data “contained encrypted passcodes that could be used to access AT&T customer accounts.” TechCrunch says this is the first time AT&T has acknowledged that the leaked data belongs to its customers, even though a hacker claimed credit for the theft some three years prior.
On March 30, 2024, AT&T finally confirmed that it was indeed impacted by a data breach affecting 73 million current and former customers. The company released a statement reporting that a data set posted on the dark web two weeks earlier contained AT&T data-specific fields that may have originated from AT&T or one of its vendors. The data set appeared to be from 2019 or earlier and impacted roughly 7.6 million current customers and 65.4 million former customers, AT&T stated.
Some media reports suggest that the exposed data set contained the same information as previously reported back in 2021, when a threat actor known as Shiny Hunters claimed to be selling stolen data belonging to 73 million AT&T customers.
What Information Was Stolen?
According to the lawsuit, information obtained by the hackers include:
- name
- address
- email address
- phone numbers
- dates of birth
- Social Security number
As a result of the data breach, customers affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.
The AT&T data breach case argues that victims have incurred “concrete injuries” as a result of the cyberattack, including an invasion of privacy, the lost or diminished value of their information, and lost time spent mitigating the consequences of the breach. AT&T data breach victims may also incur out-of-pocket costs related to credit monitoring services, credit freezes, credit reports and other services to protect themselves from identity theft and fraud, the suit adds.
How Did This Happen?
The investigation into the leak continues. According to the FAQ about the incident on the carriers website, AT&T still hasn’t determined the origin of leaked data, and whether it came from AT&T or one of its vendors.
What Can Identity Thieves Do With My Information?
Stolen personally identifiable information (PII) can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.
Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.
What is AT&T Doing To Protect My Identity?
Although the carrier is now taking action to address the threat, the class-action lawsuit faults AT&T for allegedly failing to respond in 2021 by thoroughly examining the leak or warning customers. The lawsuit also is alleging AT&T exacerbated the problem by failing to acknowledge the breach had occurred until March 30 of this year, allowing customers’ personal data to linger in criminal hands without their knowledge for more than two-and-a-half years.
If you receive a data breach notification from AT&T, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.
In the meantime, the class-action lawsuit is urging the court to force AT&T to pay damages, monetary relief, and for lifetime credit monitoring to the affected consumers.
Protect your identity. Join the AT&T data breach class action.
If you receive a Data Breach Notice from AT&T, you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.
You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.
The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by AT&T on March 30, 2024.
Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you.