AT&T is facing the consequences of a series of significant data breaches from the previous year, resulting in a U.S. District Court approving a $177 million class-action settlement. This settlement relates to the exposure of personal information for tens of millions of customers, as announced by Judge Ada Brown in Dallas. This decision marks a challenging period for the nation’s third-largest wireless carrier, which is not alone in confronting such issues among telecom giants. The settlement arises from two breaches reported in May and July 2024, affecting at least 73 million individuals, including approximately 7.6 million current customers and around 65.4 million former account holders.
As a result, current customers were required to reset their account credentials, while both groups had their personal data compromised and circulated on the dark web. Judge Brown deemed the settlement “fair and reasonable,” although AT&T has denied any wrongdoing. They assert that the settlement helps avoid the costs and unpredictability of prolonged legal battles. Customers who can demonstrate financial losses directly linked to the breaches may receive compensation ranging from $2,500 to $5,000, depending on the nature of their losses.
Others impacted by the breaches will be compensated with smaller amounts that are yet to be determined. The breaches reveal troubling security weaknesses, including an incident where call and text metadata was extracted from AT&T’s internal Snowflake cloud platform over a six-month period in 2022, affecting nearly all customers. Additionally, another breach involved data from as far back as 2019. In a separate incident in 2023, information from 8.9 million customers was compromised due to a former cloud vendor’s failure to delete outdated billing data, resulting in a $13 million fine from the FCC.
This ongoing saga highlights a pattern of cybersecurity failures within the telecom and tech industries, as other major companies, including T-Mobile, Google, and Coinbase, have also reported breaches recently. While AT&T’s settlement payments will not commence until early 2026, the real challenge lies in whether the company and other data brokers will take effective action to safeguard their networks amidst ever-evolving cyber threats.
Leave a Reply