AT&T Confronts Intense Legal Battles Amid Massive Data Breach Impacting 73 Million Customers

It’s a nightmare scenario: AT&T, one of the largest telecommunications companies in the U.S., has admitted to a massive data breach that exposed the sensitive information of 73 million current and former customers. Now, they’re facing multiple class-action lawsuits as a result.

Legal Battle Begins

Since AT&T confirmed the breach on Saturday, ten lawsuits have been filed against the company. One of them is being handled by Morgan & Morgan, a law firm known for its recent success in a privacy lawsuit against Google. They are representing plaintiff Patricia Dean and others similarly affected by the breach.

The lawsuit argues that AT&T failed to adequately protect the personal data of its customers, leading to a cyberattack and subsequent data breach that exposed sensitive information for a whopping 73 million people. This includes names, addresses, phone numbers, dates of birth, Social Security Numbers, and email addresses.

A Timeline of Denials

Back in 2021, threat actor Shiny Hunters claimed to have hacked AT&T and attempted to sell the stolen data. AT&T denied these allegations, saying the leaked data samples didn’t belong to them. Fast forward to March 17, 2024, when another threat actor named ‘MajorNelson’ leaked the entire database on a hacking forum for free, confirming it was the same data from Shiny Hunters’ attack.

Despite this, AT&T continued to deny that the leaked data originated from their systems and claimed there were no signs of a breach. However, after conducting an internal investigation, they finally admitted on March 30, 2024, that the exposed data belonged to 7.6 million current account holders and approximately 65.4 million former account holders.

Worse still, AT&T revealed that the passcodes for 7.6 million customers were exposed in the leak. These passcodes are required for customer support or sensitive account changes, so this breach could have allowed attackers to gain access to accounts more easily.

Years of Risk

AT&T believes the leaked data is from 2019 and earlier, but they still can’t determine whether it came from their systems or a partner. Their initial and subsequent denials about the origin and authenticity of the leaked data, coupled with their inability to determine the source through timely investigations, have put customers at risk of scams and phishing attacks for nearly three years – if not longer.

Dean’s complaint argues that AT&T’s inadequate security measures and failure to provide timely, adequate notice about the data breach exposed customers to substantial risks, including identity theft and various forms of fraud. The lawsuit accuses AT&T of negligence, breach of implied contract, and unjust enrichment, and seeks compensatory damages, restitution, injunctive relief, improvements to AT&T’s data security protocols, future audits, credit monitoring services funded by the company, and a trial by jury.

A Call for Accountability

In a statement, a Morgan & Morgan spokesperson said, “As the largest telecommunications company in the country, AT&T has a crucial duty to safeguard their current and former customers’ sensitive information. We allege AT&T knew about the vulnerability that allegedly led to this breach but allowed it to occur by failing to act. We’re also alleging AT&T exacerbated the problem by failing to acknowledge the breach had occurred until March 30 of this year, allowing customers’ personal data to linger in criminal hands without their knowledge for more than two-and-a-half years. We will fight to hold AT&T accountable for their alleged actions and inactions that allowed this to happen, and secure justice for all 73 million Americans impacted by this attack on their privacy.”

We reached out to AT&T for a statement but are still awaiting a response. In the meantime, other class-action lawsuits have been filed against AT&T, including those by plaintiffs Williamson, Escano, Collier, and Cumo. These lawsuits will likely be consolidated in the future.

As consumers, it’s crucial that we stay informed about the security measures taken by the companies we trust with our sensitive information. Keep coming back to us for the latest news on cybersecurity and learn how to protect yourself from potential threats.