AT&T
Company Details
Linkedin ID:
att
Website:
Employees number:
177,538
Number of followers:
1,591,781
NAICS:
517
Industry Type:
Homepage:
att.com
IP Addresses:
674
Company ID:
AT&_1353905
Scan Status:
Completed
AT&T Company CyberSecurity Posture
att.com
We understand that our customers want an easier, less complicated life. We’re using our network, labs, products, services, and people to create a world where everything works together seamlessly, and life is better as a result. How will we continue to drive for this excellence in innovation? With you. Our people, and their passion to succeed, are at the heart of what we do. Today, we’re poised to connect millions of people with their world, delivering the human benefits of technology in ways that defy the imaginable. What are you dreaming of doing with your career? Find stories about our talent, career advice, opportunities, company news, and innovations here on LinkedIn. To learn more about joining AT&T, visit: http://www.att.jobs We provide in some of our posts links to articles or posts from third-party websites unaffiliated with AT&T. In doing so, AT&T is not adopting, endorsing or otherwise approving the content of those articles or posts. AT&T is providing this content for your information only.
AT&T A.I CyberSecurity Scoring
AT&T Risk Score (AI oriented)Between 0 and 549
AT&T
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AT&T Global Score (TPRM)XXXX
AT&T
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AT&T Company CyberSecurity News & History
Past Incidents
21
Attack Types
3
| Entity | Type | Severity | Impact | Seen | Blog Details | Incident Details | View |
|---|---|---|---|---|---|---|---|
| AT&T | Breach | 85 | 4 | 3/2024 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: In 2024, AT&T suffered **two major data breaches** exposing highly sensitive customer information. The **first breach (March 30, 2024)** leaked **names, addresses, phone numbers, email addresses, dates of birth, account passcodes, billing numbers, and Social Security numbers (SSNs)** on the dark web, enabling identity theft and financial fraud risks. The **second breach (July 12, 2024)** involved unauthorized access to **telephone numbers, call records, interaction frequencies, and cell site identification numbers** via a third-party cloud platform. Some customers were affected by **both incidents**, with potential payouts reaching **$7,500 per victim** ($5,000 for SSN exposure, $2,500 for call data leaks). AT&T agreed to a **$177 million settlement**, one of the largest in telecom history, acknowledging the severity of the **data exposure** and its **long-term risks**, including fraud, reputational damage, and legal liabilities. The breaches impacted **millions of current and former customers**, with claims requiring documentation of losses. Final payouts depend on the total number of valid claims, with distribution expected in **early 2026** post-court approval. | |||||||
| AT&T | Breach | 85 | 4 | 2/2014 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The California Office of the Attorney General reported that AT&T experienced unauthorized access to customer accounts between February and July 2014. The breach potentially involved Customer Proprietary Network Information (CPNI), but there is no evidence that Social Security Numbers were compromised. AT&T is offering affected individuals one year of free credit monitoring. | |||||||
| AT&T | Breach | 85 | 4 | 5/2023 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The Vermont Office of the Attorney General reported a data breach involving AT&T on July 13, 2023. The breach occurred on or about May 17, 2023, and involved the retention of Personally Identifiable Information (PII) without authorization, including names, addresses, and Social Security numbers. The number of affected individuals is unknown. | |||||||
| AT&T | Breach | 85 | 4 | 6/2015 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T faced a significant data breach that exposed sensitive customer information, including names, addresses, and call records, spanning from 2015 to 2023. The breach led to a $177 million settlement, with affected customers eligible for compensation ranging from hundreds to up to $7,500. The exposed data, while not explicitly including financial or highly sensitive personal details like Social Security numbers, still posed substantial privacy risks. Customers were required to file claims via a dedicated settlement website by November 18, 2024, to receive compensation. The breach underscored vulnerabilities in AT&T’s data protection measures, prompting legal action and financial repercussions for the company. The incident highlighted the broader risks of long-term data exposure, even if the immediate financial or operational impact on customers was not explicitly detailed in the report. | |||||||
| AT&T | Breach | 85 | 4 | 7/2024 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T suffered two major data breaches in **March and July 2024**, exposing sensitive customer information. The **March breach** leaked **Social Security numbers, birthdates, addresses, email IDs, phone numbers, billing account numbers, passcodes**, and other personal data on the dark web. The **July breach** exposed **phone numbers, call logs, interaction counts, call frequencies, and cell site IDs**. Millions of users were affected, with some experiencing **identity theft risks, financial fraud, and reputational harm**. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, depending on the extent of data exposure. The breaches led to **legal action, financial losses for customers, and long-term trust erosion** in the company’s cybersecurity measures. | |||||||
| AT&T | Breach | 85 | 4 | 5/2025 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T experienced two distinct cyber incidents leading to a $177 million settlement. The first breach exposed **sensitive personal data** of customers, while the second involved **call and text logs** tied to the Snowflake ecosystem. Affected individuals—current or past customers—may qualify for up to **$7,500** in compensation, split between two funds: **$149M** for compromised personal data and **$28M** for exposed communication logs. Claims require documentation of out-of-pocket losses (e.g., fraud fees, identity protection costs, ID replacement). The breach enabled risks like **identity theft, phishing, and account takeovers**, with telecom data (merging identity and call/text details) being highly sensitive. The extended filing deadline allows more victims to submit claims, but payments depend on claim volume and strength. The settlement underscores the financial and reputational fallout from large-scale data exposures in the telecom sector. | |||||||
| AT&T Data Breach Settlement Eligibility: Customers Have Two Weeks Left To Claim Up To $7,500 | Breach | 85 | 4 | 12/2025 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Millions of AT&T customers may be entitled to receive up to $7,500 after the company was ordered to pay $177 million in a settlement related to two major data breaches. The deadline to submit claims has been extended to December 18, 2025, giving customers additional time to apply. | |||||||
| There Are Only 2 Weeks Remaining to Claim a Share of the Massive AT&T $177 Million Settlement | Breach | 85 | 4 | 1/2024 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T might owe you $7,500 for that data breach mess. Here's how to get paid. wdstock/Getty Images Millions of AT&T customers were horrified in 2024 to discover that their personal information had been exposed in a pair of serious data breaches. Following a court case, the company has been ordered to pay $177 million in a substantial settlement. If you're an affected customer, you may be eligible for compensation of up to $7,500. For all the procrastinators out there, a court just extended the deadline. You now have until Dec. 18, 2025, to submit your claim. That means you only have two weeks left. If you were affected by one or even both of the breaches, you're eligible for a payout. But this could be your final notice. The deadline is firm, and you don't want to miss this opportunity. Here's everything you need to know about how to file your claim and how much cash you could get. Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source. What were these data breaches at AT&T? The two data breaches related to AT&T's current $177 million settlement occurred in 2019 and 2024, although the company didn't acknowledge the 2019 breach until March 2024, weeks after it detected customer data spreading on the dark web. The 2019 breach involved personal data, including Social Security numbers, birth dates and legal names, and it affected 7.6 million current AT&T customers and 65.4 million former account holders. Soon after the discl | |||||||
| AT&T | Breach | 85 | 4 | 6/2024 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T faced two major data breaches in 2024 (March and July), exposing **millions of customers' personal information**, including **Social Security numbers, birthdates, and phone records**. The March incident involved leaked AT&T-specific fields on the dark web, while the July breach saw cybercriminals illegally download limited customer data. The breaches left customers vulnerable to **identity theft and fraud**, leading to a **$177 million settlement**—one of the largest in the telecom sector. The settlement covers **current and former customers**, offering compensation (up to **$7,500 per person**), free credit monitoring, and identity theft protection. AT&T denied wrongdoing but agreed to the settlement to avoid litigation, while committing to **enhanced security measures** like improved encryption and monitoring. The case highlights systemic vulnerabilities in telecom security, with regulatory bodies like the **FCC and FTC** likely to impose stricter breach notification rules and penalties. | |||||||
| AT&T | Breach | 85 | 4 | 6/2022 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T is settling two major data breaches affecting **72.6 million customers** (7.6M current + 65M former) and additional subscribers whose call/text records were compromised. The **first breach (March 2024)** exposed highly sensitive data—including **Social Security numbers, birthdates, addresses, passcodes, and billing details**—on the dark web. The **second breach (disclosed July 2024)** involved hackers infiltrating a cloud platform to steal **six months of call/text metadata (2022)**, including phone numbers, call durations, and cell site information. Victims with documented financial losses can claim up to **$5,000 (first breach)**, **$2,500 (second breach)**, or **$7,500 (both)**. AT&T denies wrongdoing but agreed to a **$177M settlement** to avoid litigation. The breaches triggered class-action lawsuits, with payouts expected post-December 2024 court approval. Customers received emails from **[email protected]** with claim deadlines set for **November 18, 2024**. | |||||||
| AT&T Mobility, LLC | Breach | 85 | 4 | 4/2014 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: On June 10, 2014, the California Office of the Attorney General reported a data breach involving AT&T Mobility, LLC. The breach occurred between April 9 and April 21, 2014, involving unauthorized access to customer personal identifying information, including Social Security numbers and Customer Proprietary Network Information (CPNI). The exact number of individuals affected is unknown. | |||||||
| AT&T | Breach | 100 | 4 | 01/2023 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T suffered from a data breach incident after vendor hack that exposed 9 million customers data. The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. The compromised data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. Customer Exclusive Network According to AT&T, information from some wireless accounts, such as the number of lines on an account or wireless rate plan, was made public. | |||||||
| Don’t wait: Deadline to claim up to $7,500 in AT&T settlement is 2 weeks away. Do you qualify? | Breach | 100 | 4 | 12/2024 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: AT&T deadline to file in part of a $177 million settlement is fast approaching. AP The deadline to file a claim in the massive $177 million AT&T data breach settlement is approaching fast. Eligible customers have about two weeks left to submit their claims before the Dec. 18 cutoff. The settlement stems from two AT&T data breaches in 2024, which occurred just months apart and exposed personal information for millions of current and former customers. What happened The first breach, in March 2024, leaked addresses, dates of birth, billing account numbers, passcodes, and Social Security numbers belonging to 7.6 million current and 65.4 million former AT&T customers. According to the settlement website, this information was released on the dark web. The second breach, in July 2024, exposed call and text records for about 110 million customers between 2022 and 2023. These records were “illegally downloaded from our workspace on a third-party cloud platform,” the settlement states. Multiple lawsuits followed, later consolidated and resolved with a settlement in the U.S. Northern District Court of Texas. How much money could you receive? Customers affected by either breach can file a claim, but payouts vary depending on which incident impacted them. Those affected by both breaches may qualify for up to $7,500. For those involved in the first breach, class members receive up to $5,000 if they can show the losses are “fairly traceable to the AT&T 1 Data Incident.” Remaini | |||||||
| AT&T | Breach | 100 | 5 | 11/2025 | |||
Rankiteo Explanation : Attack threatening the organization’s existenceDescription: AT&T is facing a $177 million class-action settlement following two alleged data breaches where sensitive customer data was exposed and released on the dark web. The breach involved highly sensitive personal information, including financial details, Social Security numbers, and other critical customer data. The leaked data poses significant risks, such as identity theft, financial fraud, and long-term reputational damage for affected individuals. Customers were advised to change passwords, enable two-factor authentication (2FA), monitor financial transactions, and consider freezing their credit to mitigate potential misuse. The breach underscores the severe consequences of unauthorized access to customer data, particularly when such information is traded or exploited on illicit platforms like the dark web. | |||||||
| AT&T | Breach | 100 | 5 | 6/2019 | |||
Rankiteo Explanation : Attack threatening the organization's existenceDescription: AT&T suffered two massive data breaches in **2019** and **2024**, compromising nearly **200 million people** combined. The **2019 breach** exposed **Social Security numbers, birth dates, and legal names** of **7.6 million current** and **65.4 million former customers**, discovered only in **2024** when data surfaced on the dark web. The **2024 breach** involved hackers (linked to **ShinyHunters**) accessing **phone records of ~109 million customers** from AT&T’s **Snowflake cloud warehouse**, containing call and text metadata. Both breaches led to a **$177 million class-action settlement**, with payouts up to **$5,000 (2019 victims with documented losses)** and **$2,500 (2024 victims with proof)**. The breaches triggered **password resets for all affected users**, legal action against two arrested hackers, and consolidated lawsuits. The **2019 incident** received **$149 million** in settlements, while the **2024 Snowflake breach** got **$28 million**. | |||||||
| AT&T | Breach | 100 | 5 | 5/2022 | |||
Rankiteo Explanation : Attack threatening the organization’s existenceDescription: AT&T experienced two major data breaches in 2024. The first, announced on **March 30, 2024**, exposed **73 million accounts** (7.6M current, 65.4M former customers), leaking **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers** on the dark web. The second, disclosed on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* cellular customers and landline interactions from **May 1, 2022 – October 31, 2022** via a third-party cloud platform. While no PII (e.g., SSNs) was compromised in the second breach, federal agencies (FBI, DOJ) delayed public disclosure due to **national security risks**. AT&T settled lawsuits for **$177 million**, with affected customers eligible for up to **$7,500** in compensation. The breaches triggered class-action lawsuits, regulatory scrutiny, and reputational damage, though no evidence suggested public exposure of the second breach’s data. | |||||||
| AT&T | Breach | 100 | 5 | 10/2022 | |||
Rankiteo Explanation : Attack threatening the organization's existenceDescription: On **March 30, 2024**, AT&T disclosed a massive **data breach** exposing **73 million accounts** (7.6M current + 65.4M former customers). Hackers leaked **dark web datasets** containing **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers**—highly sensitive personal and financial data. A second breach on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* AT&T cellular, MVNO, and landline customers from a **third-party cloud platform** (May–Oct 2022). While no PII was exposed in the second incident, the first breach’s scale and sensitivity triggered **federal investigations**, **national security concerns** (FBI/DOJ delays), and a **$177M class-action settlement** (up to **$7,500 per victim**). The breaches prompted **state/federal lawsuits**, regulatory scrutiny, and reputational damage, with AT&T facing **customer churn risks** and **operational disruptions** from incident response. | |||||||
| Less Than 2 Weeks Left: How to Claim Up to $7,500 From AT&T's $177 Million Data Breach Settlement | Breach | 100 | 4 | 4/2024 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Table of Contents How to Get Your Share of the AT&T Settlement Payouts How Much Money Can You Receive? How to Submit a Claim When Is the Deadline to Submit a Claim? What if I Want to Sue AT&T Individually? What If I Don't Like the Terms of This Settlement? What If I Do Nothing? Were you caught up in either of the two AT&T data breaches from 2019 or 2024? If so, you might be eligible for part of a $177 million settlement. According to court documents, the settlement fund consists of $149 million to address a major data leak in 2019, which allowed cybercriminals to exploit the data of former and existing subscribers for years. Last March, AT&T finally confirmed the breach, sparking a wave of class-action lawsuits alleging the company had failed to safeguard the data of 51 million users, including their names, Social Security numbers, and dates of birth. The rest of the $28 million is meant to address a second incident involving a hacker breaching AT&T’s account with cloud storage provider Snowflake in April 2024. This enabled the cybercriminal to access call and text records for nearly all customers. Another round of class-action lawsuits followed, alleging corporate neglect. However, AT&T said no customer names were included in the stolen information. Law enforcement also arrested the two alleged hackers involved in the breach. How to Get Your Share of the AT&T Settlement Payouts You're eligible for a payout if your data was compromised in one or both of the two data brea | |||||||
| AT&T | Breach | 100 | 5 | 1/2025 | |||
Rankiteo Explanation : Attack threatening the organization’s existenceDescription: The 'Salt Typhoon' hacking campaign compromised AT&T's telecommunications network, allowing unauthorized access to Americans’ phone calls, text messages, and law enforcement wiretap systems. This blatant exploitation of cybersecurity vulnerabilities led to severe consequences, exposing the personal and operational data to potential misuse by nation-state actors. The aftermath of the breach has prompted regulatory proposals to implement basic cyber defenses and enforce cyber risk-management planning to prevent such extensive breaches in the future. This incident highlights the stark need for higher cybersecurity standards within critical infrastructure sectors. | |||||||
| AT&T | Cyber Attack | 100 | 6 | 08/2022 | |||
Rankiteo Explanation : Attack threatening the economy of a geographical regionDescription: A cybersecurity firm intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. It corresponds to current and former customers of AT&T. It intercepted a 1.6 gigabyte compressed file on a popular dark web file-sharing site. The largest item in the archive is a 3.6 gigabyte file called “dbfull,” and it contains 28.5 million records, including 22.8 million unique email addresses and 23 million unique SSNs. There are no passwords in the database. AT&T Internet is offered in 21 states and nearly all of the records in the database that contain a state designation corresponded to those 21 states; all other states made up just 1.64 percent of the records. The vast majority of records in this database belong to consumers, but almost 13,000 of the entries are for corporate entities. | |||||||
| AT&T | Ransomware | 85 | 3 | 6/2021 | |||
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The Everest ransomware group claimed to have stolen **576,686 personal records** from **AT&T Careers**, the telecom giant’s official job and recruitment platform. The leaked data reportedly includes applicant and employee records, such as resumes, career-related information, and potentially sensitive personal details. The group posted the listing on its dark web leak site on **October 21**, with a **four-day countdown** before public release, restricting access behind a password. While AT&T has not confirmed the breach, the incident follows prior high-profile breaches, including a **2021 ShinyHunters attack** (70M customer records) and a **2025 leak** (86M decrypted SSNs). The Everest group, known for extorting corporations, has previously targeted companies like Coca-Cola and Mailchimp. The breach raises concerns over **employee data security**, potential **phishing risks**, and AT&T’s cybersecurity posture, especially if third-party vendors were involved. Affected individuals are advised to **reset passwords, enable MFA, and monitor financial/credit activity** for signs of misuse. | |||||||
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In 2024, AT&T suffered **two major data breaches** exposing highly sensitive customer information. The **first breach (March 30, 2024)** leaked **names, addresses, phone numbers, email addresses, dates of birth, account passcodes, billing numbers, and Social Security numbers (SSNs)** on the dark web, enabling identity theft and financial fraud risks. The **second breach (July 12, 2024)** involved unauthorized access to **telephone numbers, call records, interaction frequencies, and cell site identification numbers** via a third-party cloud platform. Some customers were affected by **both incidents**, with potential payouts reaching **$7,500 per victim** ($5,000 for SSN exposure, $2,500 for call data leaks). AT&T agreed to a **$177 million settlement**, one of the largest in telecom history, acknowledging the severity of the **data exposure** and its **long-term risks**, including fraud, reputational damage, and legal liabilities. The breaches impacted **millions of current and former customers**, with claims requiring documentation of losses. Final payouts depend on the total number of valid claims, with distribution expected in **early 2026** post-court approval.
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that AT&T experienced unauthorized access to customer accounts between February and July 2014. The breach potentially involved Customer Proprietary Network Information (CPNI), but there is no evidence that Social Security Numbers were compromised. AT&T is offering affected individuals one year of free credit monitoring.
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Vermont Office of the Attorney General reported a data breach involving AT&T on July 13, 2023. The breach occurred on or about May 17, 2023, and involved the retention of Personally Identifiable Information (PII) without authorization, including names, addresses, and Social Security numbers. The number of affected individuals is unknown.
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T faced a significant data breach that exposed sensitive customer information, including names, addresses, and call records, spanning from 2015 to 2023. The breach led to a $177 million settlement, with affected customers eligible for compensation ranging from hundreds to up to $7,500. The exposed data, while not explicitly including financial or highly sensitive personal details like Social Security numbers, still posed substantial privacy risks. Customers were required to file claims via a dedicated settlement website by November 18, 2024, to receive compensation. The breach underscored vulnerabilities in AT&T’s data protection measures, prompting legal action and financial repercussions for the company. The incident highlighted the broader risks of long-term data exposure, even if the immediate financial or operational impact on customers was not explicitly detailed in the report.
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T suffered two major data breaches in **March and July 2024**, exposing sensitive customer information. The **March breach** leaked **Social Security numbers, birthdates, addresses, email IDs, phone numbers, billing account numbers, passcodes**, and other personal data on the dark web. The **July breach** exposed **phone numbers, call logs, interaction counts, call frequencies, and cell site IDs**. Millions of users were affected, with some experiencing **identity theft risks, financial fraud, and reputational harm**. AT&T agreed to a **$177 million settlement**, offering victims up to **$7,500** in compensation, depending on the extent of data exposure. The breaches led to **legal action, financial losses for customers, and long-term trust erosion** in the company’s cybersecurity measures.
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T experienced two distinct cyber incidents leading to a $177 million settlement. The first breach exposed **sensitive personal data** of customers, while the second involved **call and text logs** tied to the Snowflake ecosystem. Affected individuals—current or past customers—may qualify for up to **$7,500** in compensation, split between two funds: **$149M** for compromised personal data and **$28M** for exposed communication logs. Claims require documentation of out-of-pocket losses (e.g., fraud fees, identity protection costs, ID replacement). The breach enabled risks like **identity theft, phishing, and account takeovers**, with telecom data (merging identity and call/text details) being highly sensitive. The extended filing deadline allows more victims to submit claims, but payments depend on claim volume and strength. The settlement underscores the financial and reputational fallout from large-scale data exposures in the telecom sector.
AT&T Data Breach Settlement Eligibility: Customers Have Two Weeks Left To Claim Up To $7,500
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Millions of AT&T customers may be entitled to receive up to $7,500 after the company was ordered to pay $177 million in a settlement related to two major data breaches. The deadline to submit claims has been extended to December 18, 2025, giving customers additional time to apply.
There Are Only 2 Weeks Remaining to Claim a Share of the Massive AT&T $177 Million Settlement
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T might owe you $7,500 for that data breach mess. Here's how to get paid. wdstock/Getty Images Millions of AT&T customers were horrified in 2024 to discover that their personal information had been exposed in a pair of serious data breaches. Following a court case, the company has been ordered to pay $177 million in a substantial settlement. If you're an affected customer, you may be eligible for compensation of up to $7,500. For all the procrastinators out there, a court just extended the deadline. You now have until Dec. 18, 2025, to submit your claim. That means you only have two weeks left. If you were affected by one or even both of the breaches, you're eligible for a payout. But this could be your final notice. The deadline is firm, and you don't want to miss this opportunity. Here's everything you need to know about how to file your claim and how much cash you could get. Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source. What were these data breaches at AT&T? The two data breaches related to AT&T's current $177 million settlement occurred in 2019 and 2024, although the company didn't acknowledge the 2019 breach until March 2024, weeks after it detected customer data spreading on the dark web. The 2019 breach involved personal data, including Social Security numbers, birth dates and legal names, and it affected 7.6 million current AT&T customers and 65.4 million former account holders. Soon after the discl
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T faced two major data breaches in 2024 (March and July), exposing **millions of customers' personal information**, including **Social Security numbers, birthdates, and phone records**. The March incident involved leaked AT&T-specific fields on the dark web, while the July breach saw cybercriminals illegally download limited customer data. The breaches left customers vulnerable to **identity theft and fraud**, leading to a **$177 million settlement**—one of the largest in the telecom sector. The settlement covers **current and former customers**, offering compensation (up to **$7,500 per person**), free credit monitoring, and identity theft protection. AT&T denied wrongdoing but agreed to the settlement to avoid litigation, while committing to **enhanced security measures** like improved encryption and monitoring. The case highlights systemic vulnerabilities in telecom security, with regulatory bodies like the **FCC and FTC** likely to impose stricter breach notification rules and penalties.
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T is settling two major data breaches affecting **72.6 million customers** (7.6M current + 65M former) and additional subscribers whose call/text records were compromised. The **first breach (March 2024)** exposed highly sensitive data—including **Social Security numbers, birthdates, addresses, passcodes, and billing details**—on the dark web. The **second breach (disclosed July 2024)** involved hackers infiltrating a cloud platform to steal **six months of call/text metadata (2022)**, including phone numbers, call durations, and cell site information. Victims with documented financial losses can claim up to **$5,000 (first breach)**, **$2,500 (second breach)**, or **$7,500 (both)**. AT&T denies wrongdoing but agreed to a **$177M settlement** to avoid litigation. The breaches triggered class-action lawsuits, with payouts expected post-December 2024 court approval. Customers received emails from **[email protected]** with claim deadlines set for **November 18, 2024**.
AT&T Mobility, LLC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On June 10, 2014, the California Office of the Attorney General reported a data breach involving AT&T Mobility, LLC. The breach occurred between April 9 and April 21, 2014, involving unauthorized access to customer personal identifying information, including Social Security numbers and Customer Proprietary Network Information (CPNI). The exact number of individuals affected is unknown.
AT&T
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T suffered from a data breach incident after vendor hack that exposed 9 million customers data. The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. The compromised data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. Customer Exclusive Network According to AT&T, information from some wireless accounts, such as the number of lines on an account or wireless rate plan, was made public.
Don’t wait: Deadline to claim up to $7,500 in AT&T settlement is 2 weeks away. Do you qualify?
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T deadline to file in part of a $177 million settlement is fast approaching. AP The deadline to file a claim in the massive $177 million AT&T data breach settlement is approaching fast. Eligible customers have about two weeks left to submit their claims before the Dec. 18 cutoff. The settlement stems from two AT&T data breaches in 2024, which occurred just months apart and exposed personal information for millions of current and former customers. What happened The first breach, in March 2024, leaked addresses, dates of birth, billing account numbers, passcodes, and Social Security numbers belonging to 7.6 million current and 65.4 million former AT&T customers. According to the settlement website, this information was released on the dark web. The second breach, in July 2024, exposed call and text records for about 110 million customers between 2022 and 2023. These records were “illegally downloaded from our workspace on a third-party cloud platform,” the settlement states. Multiple lawsuits followed, later consolidated and resolved with a settlement in the U.S. Northern District Court of Texas. How much money could you receive? Customers affected by either breach can file a claim, but payouts vary depending on which incident impacted them. Those affected by both breaches may qualify for up to $7,500. For those involved in the first breach, class members receive up to $5,000 if they can show the losses are “fairly traceable to the AT&T 1 Data Incident.” Remaini
AT&T
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: AT&T is facing a $177 million class-action settlement following two alleged data breaches where sensitive customer data was exposed and released on the dark web. The breach involved highly sensitive personal information, including financial details, Social Security numbers, and other critical customer data. The leaked data poses significant risks, such as identity theft, financial fraud, and long-term reputational damage for affected individuals. Customers were advised to change passwords, enable two-factor authentication (2FA), monitor financial transactions, and consider freezing their credit to mitigate potential misuse. The breach underscores the severe consequences of unauthorized access to customer data, particularly when such information is traded or exploited on illicit platforms like the dark web.
AT&T
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: AT&T suffered two massive data breaches in **2019** and **2024**, compromising nearly **200 million people** combined. The **2019 breach** exposed **Social Security numbers, birth dates, and legal names** of **7.6 million current** and **65.4 million former customers**, discovered only in **2024** when data surfaced on the dark web. The **2024 breach** involved hackers (linked to **ShinyHunters**) accessing **phone records of ~109 million customers** from AT&T’s **Snowflake cloud warehouse**, containing call and text metadata. Both breaches led to a **$177 million class-action settlement**, with payouts up to **$5,000 (2019 victims with documented losses)** and **$2,500 (2024 victims with proof)**. The breaches triggered **password resets for all affected users**, legal action against two arrested hackers, and consolidated lawsuits. The **2019 incident** received **$149 million** in settlements, while the **2024 Snowflake breach** got **$28 million**.
AT&T
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: AT&T experienced two major data breaches in 2024. The first, announced on **March 30, 2024**, exposed **73 million accounts** (7.6M current, 65.4M former customers), leaking **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers** on the dark web. The second, disclosed on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* cellular customers and landline interactions from **May 1, 2022 – October 31, 2022** via a third-party cloud platform. While no PII (e.g., SSNs) was compromised in the second breach, federal agencies (FBI, DOJ) delayed public disclosure due to **national security risks**. AT&T settled lawsuits for **$177 million**, with affected customers eligible for up to **$7,500** in compensation. The breaches triggered class-action lawsuits, regulatory scrutiny, and reputational damage, though no evidence suggested public exposure of the second breach’s data.
AT&T
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: On **March 30, 2024**, AT&T disclosed a massive **data breach** exposing **73 million accounts** (7.6M current + 65.4M former customers). Hackers leaked **dark web datasets** containing **Social Security numbers, addresses, birthdates, passcodes, billing numbers, and phone numbers**—highly sensitive personal and financial data. A second breach on **July 12, 2024**, involved hackers downloading **call and text records** (excluding content) of *nearly all* AT&T cellular, MVNO, and landline customers from a **third-party cloud platform** (May–Oct 2022). While no PII was exposed in the second incident, the first breach’s scale and sensitivity triggered **federal investigations**, **national security concerns** (FBI/DOJ delays), and a **$177M class-action settlement** (up to **$7,500 per victim**). The breaches prompted **state/federal lawsuits**, regulatory scrutiny, and reputational damage, with AT&T facing **customer churn risks** and **operational disruptions** from incident response.
Less Than 2 Weeks Left: How to Claim Up to $7,500 From AT&T's $177 Million Data Breach Settlement
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Table of Contents How to Get Your Share of the AT&T Settlement Payouts How Much Money Can You Receive? How to Submit a Claim When Is the Deadline to Submit a Claim? What if I Want to Sue AT&T Individually? What If I Don't Like the Terms of This Settlement? What If I Do Nothing? Were you caught up in either of the two AT&T data breaches from 2019 or 2024? If so, you might be eligible for part of a $177 million settlement. According to court documents, the settlement fund consists of $149 million to address a major data leak in 2019, which allowed cybercriminals to exploit the data of former and existing subscribers for years. Last March, AT&T finally confirmed the breach, sparking a wave of class-action lawsuits alleging the company had failed to safeguard the data of 51 million users, including their names, Social Security numbers, and dates of birth. The rest of the $28 million is meant to address a second incident involving a hacker breaching AT&T’s account with cloud storage provider Snowflake in April 2024. This enabled the cybercriminal to access call and text records for nearly all customers. Another round of class-action lawsuits followed, alleging corporate neglect. However, AT&T said no customer names were included in the stolen information. Law enforcement also arrested the two alleged hackers involved in the breach. How to Get Your Share of the AT&T Settlement Payouts You're eligible for a payout if your data was compromised in one or both of the two data brea
AT&T
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The 'Salt Typhoon' hacking campaign compromised AT&T's telecommunications network, allowing unauthorized access to Americans’ phone calls, text messages, and law enforcement wiretap systems. This blatant exploitation of cybersecurity vulnerabilities led to severe consequences, exposing the personal and operational data to potential misuse by nation-state actors. The aftermath of the breach has prompted regulatory proposals to implement basic cyber defenses and enforce cyber risk-management planning to prevent such extensive breaches in the future. This incident highlights the stark need for higher cybersecurity standards within critical infrastructure sectors.
AT&T
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: A cybersecurity firm intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. It corresponds to current and former customers of AT&T. It intercepted a 1.6 gigabyte compressed file on a popular dark web file-sharing site. The largest item in the archive is a 3.6 gigabyte file called “dbfull,” and it contains 28.5 million records, including 22.8 million unique email addresses and 23 million unique SSNs. There are no passwords in the database. AT&T Internet is offered in 21 states and nearly all of the records in the database that contain a state designation corresponded to those 21 states; all other states made up just 1.64 percent of the records. The vast majority of records in this database belong to consumers, but almost 13,000 of the entries are for corporate entities.
AT&T
Ransomware
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Everest ransomware group claimed to have stolen **576,686 personal records** from **AT&T Careers**, the telecom giant’s official job and recruitment platform. The leaked data reportedly includes applicant and employee records, such as resumes, career-related information, and potentially sensitive personal details. The group posted the listing on its dark web leak site on **October 21**, with a **four-day countdown** before public release, restricting access behind a password. While AT&T has not confirmed the breach, the incident follows prior high-profile breaches, including a **2021 ShinyHunters attack** (70M customer records) and a **2025 leak** (86M decrypted SSNs). The Everest group, known for extorting corporations, has previously targeted companies like Coca-Cola and Mailchimp. The breach raises concerns over **employee data security**, potential **phishing risks**, and AT&T’s cybersecurity posture, especially if third-party vendors were involved. Affected individuals are advised to **reset passwords, enable MFA, and monitor financial/credit activity** for signs of misuse.
AT&T Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AT&T
Incidents vs Telecommunications Industry Average (This Year)
AT&T has 419.48% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
AT&T has 412.82% more incidents than the average of all companies with at least one recorded incident.
Incident Types AT&T vs Telecommunications Industry Avg (This Year)
AT&T reported 4 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 4 data breaches, compared to industry peers with at least 1 incident.
Incident History — AT&T (X = Date, Y = Severity)
AT&T cyber incidents detection timeline including parent company and subsidiaries
AT&T Company Subsidiaries
We understand that our customers want an easier, less complicated life. We’re using our network, labs, products, services, and people to create a world where everything works together seamlessly, and life is better as a result. How will we continue to drive for this excellence in innovation? With you. Our people, and their passion to succeed, are at the heart of what we do. Today, we’re poised to connect millions of people with their world, delivering the human benefits of technology in ways that defy the imaginable. What are you dreaming of doing with your career? Find stories about our talent, career advice, opportunities, company news, and innovations here on LinkedIn. To learn more about joining AT&T, visit: http://www.att.jobs We provide in some of our posts links to articles or posts from third-party websites unaffiliated with AT&T. In doing so, AT&T is not adopting, endorsing or otherwise approving the content of those articles or posts. AT&T is providing this content for your information only.
Loading...
AT&T Similar Companies
TELUS
At TELUS, our purpose-driven team works together every day to innovate and do good. From providing technology solutions that make our lives safer and easier, to supporting those who need it most, our inclusive, spirited and giving people are passionate about empowering our customers, communities and
Telecom Argentina
We are Telecom Argentina, a connectivity solutions and entertainment company with over 23,000 collaborators throughout the country. We transform the digital experience of our over 28 million customers providing them a secure, flexible and dynamic service on all of their devices, with high speed mobi
vivo
vivo is a technology company that creates great products based on a design-driven value, with smart devices and intelligent services as its core. The company aims to build a bridge between humans and the digital world. Through unique creativity, vivo provides users with an increasingly convenient mo
EE
EE, part of BT Group, is the largest and most advanced mobile communications company in the UK, delivering mobile and fixed communications services to consumers. We run the UK's biggest and fastest mobile network, having pioneered the UK's first superfast 4G mobile service in October 2012 and was
Welkom bij de LinkedIn pagina van KPN. Sinds jaar en dag maakt KPN technologie toegankelijk. Hier leest u alles over de ontwikkelingen rondom de thema’s die KPN belangrijk vindt, zoals Het Nieuwe Leven & Werken, Veiligheid & Privacy en ICT-infrastructuur. Ook een transparante en betrouwbare dienstve
Welcome to Deutsche Telekom. As one of the world's most valuable brands, we design innovative solutions and products in the areas of connectivity, networks, digitalization and security. #connectingyourworld At Deutsche Telekom, we believe that each and every one of us has the power to move society
Make a new start. A start that will build beautiful relationships, shape millions of ideas. Enable a new way to live, learn, work and play. At Jio, we build products and services of the future to empower billions of Indians make their dreams a reality. Jio is about YOU. Join the movement to make I
Telemont
Fundada em 1975, a Telemont Engenharia de Telecomunicações S/A é líder na prestação de serviços de implantação, manutenção e operação de redes de telecomunicações. São 7,7 milhões de acessos de voz, 3 milhões de ADSL e dados e 63 mil km de fibra óptica operados pela empresa. Através da Telemont I
Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains – telecom networks, IT, smart devices, and cloud services – we are committed to bringing digital to every person, home and organi
.png)
AT&T CyberSecurity News
December 05, 2025 09:33 AM
Is it legal to use your cellphone at a red light in Delaware?
Whether or not you can legally use a cell phone at a red light in Delaware is complicated. According to the Delaware State Code,...
December 05, 2025 09:30 AM
HSBC to occupy over 40,000 sq ft at Hong Kong's Capitol Centre in 2026
HSBC is set to occupy more than 40000 sq ft of space in Capitol Centre in Causeway Bay, as Hong Kong's largest bank joins a growing list of...
December 05, 2025 09:24 AM
PIT at TBL | Recap
Game-changing highlights from the matchup between the Pittsburgh Penguins and the Tampa Bay Lightning.
December 05, 2025 09:07 AM
Is Netflix (NFLX) Undervalued After a 17% Pullback? A Fresh Look at Its Valuation
Netflix (NFLX) has cooled off after a strong run this year, with the stock sliding roughly 17% over the past 3 months even as revenue and...
December 05, 2025 09:00 AM
Judges lash out at Justice Department for still listing Lindsey Halligan on court documents
Federal judges in Alexandria, Virginia, have lashed out at the Justice Department as they continue to list Lindsey Halligan on court...
December 05, 2025 09:00 AM
‘UK at the Half’: College of Fine Arts brings holiday spirit to Lexington
LEXINGTON, Ky. (Dec. 5, 2025) — The University of Kentucky College of Fine Arts is helping the campus and Lexington community get into the holiday spirit.
December 05, 2025 08:39 AM
IAEA-Led Team Samples ALPS-Treated Water from Discharge Facilities at Fukushima Daiichi Nuclear Power Station
The International Atomic Energy Agency (IAEA) this week led a team of international experts in conducting sampling of Advanced Liquid...
December 05, 2025 08:34 AM
At least 4 countries pull out of 2026 Eurovision contest over Israel’s participation
Ireland, the Netherlands, Spain and Slovenia said they were pulling out of the contest after organizers decided to allow Israel to continue...
December 05, 2025 08:19 AM
AbbVie-Sponsored Symposium at ESMO Asia 2025 Highlights Urgent Medical Need in Platinum-Resistant Advanced Ovarian Cancer
PRNewswire/ -- At an AbbVie-sponsored symposium at the ESMO Asia Congress 2025, experts gathered to address platinum resistance in advanced...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AT&T CyberSecurity History Information
Official Website of AT&T
The official website of AT&T is http://www.att.com.
AT&T’s AI-Generated Cybersecurity Score
According to Rankiteo, AT&T’s AI-generated cybersecurity score is 220, reflecting their Critical security posture.
How many security badges does AT&T’ have ?
According to Rankiteo, AT&T currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does AT&T have SOC 2 Type 1 certification ?
According to Rankiteo, AT&T is not certified under SOC 2 Type 1.
Does AT&T have SOC 2 Type 2 certification ?
According to Rankiteo, AT&T does not hold a SOC 2 Type 2 certification.
Does AT&T comply with GDPR ?
According to Rankiteo, AT&T is not listed as GDPR compliant.
Does AT&T have PCI DSS certification ?
According to Rankiteo, AT&T does not currently maintain PCI DSS compliance.
Does AT&T comply with HIPAA ?
According to Rankiteo, AT&T is not compliant with HIPAA regulations.
Does AT&T have ISO 27001 certification ?
According to Rankiteo,AT&T is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of AT&T
AT&T operates primarily in the Telecommunications industry.
Number of Employees at AT&T
AT&T employs approximately 177,538 people worldwide.
Subsidiaries Owned by AT&T
AT&T presently has no subsidiaries across any sectors.
AT&T’s LinkedIn Followers
AT&T’s official LinkedIn profile has approximately 1,591,781 followers.
NAICS Classification of AT&T
AT&T is classified under the NAICS code 517, which corresponds to Telecommunications.
AT&T’s Presence on Crunchbase
Yes, AT&T has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/at-t.
AT&T’s Presence on LinkedIn
Yes, AT&T maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/att.
Cybersecurity Incidents Involving AT&T
As of December 11, 2025, Rankiteo reports that AT&T has experienced 21 cybersecurity incidents.
Number of Peer and Competitor Companies
AT&T has an estimated 9,686 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at AT&T ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Cyber Attack and Breach.
What was the total financial impact of these incidents on AT&T ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $2.12 billion.
How does AT&T detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with offering one year of free credit monitoring, and incident response plan activated with yes (settlement process initiated), and third party assistance with kroll settlement administration (court-appointed administrator), and recovery measures with settlement funds ($177m) for affected customers, and communication strategy with email notifications ([email protected]) and public announcements via news releases, and communication strategy with public settlement announcement and claim process via www.telecomdatasettlement.com, and incident response plan activated with yes (password resets for 2019 breach; legal coordination for both), and third party assistance with kroll settlement administration (claims management), third party assistance with law firms (class action settlement), and law enforcement notified with yes (two arrests made for 2024 breach), and breach 2019 with password resets for affected current customers, breach 2024 with snowflake access revoked; investigation into credential compromise, and remediation measures with $177m settlement fund, remediation measures with enhanced monitoring (assumed), and recovery measures with class action settlement website (telecomdatasettlement.com), recovery measures with customer notifications via email, and communication strategy with public disclosures (2024-03 and 2024-07), communication strategy with dedicated settlement website, communication strategy with customer notifications with class member ids, and enhanced monitoring with likely (not explicitly stated), and incident response plan activated with yes (collaboration with fbi/doj), and law enforcement notified with yes (fbi, doj), and communication strategy with delayed disclosure (national security concerns); customer notifications via email (kroll settlement administration), and third party assistance with kroll settlement administration (claims management), and remediation measures with settlement funds for affected customers, remediation measures with extended claim-filing deadlines, and communication strategy with official notices via email/snail mail ([email protected]), communication strategy with dedicated settlement website, communication strategy with customer support hotline (833-890-4930), and incident response plan activated with yes (collaboration with fbi/doj), and law enforcement notified with yes (fbi, doj involved in delay decision), and communication strategy with public announcements (march 30, july 12, 2024), communication strategy with email notifications via kroll settlement administration, communication strategy with settlement website for claims, and incident response plan activated with yes (settlement process initiated), and third party assistance with kroll settlement administration (claims processing), and recovery measures with settlement payouts to victims, and communication strategy with public disclosure, official settlement website, customer notifications, and incident response plan activated with yes (settlement process initiated), and recovery measures with settlement fund of $177 million for affected customers, and communication strategy with public advisories, official settlement website, media coverage (e.g., rolling out, pix11), and incident response plan activated with yes (as part of settlement terms), and third party assistance with kroll settlement administration (managing settlement claims), and remediation measures with improved encryption, remediation measures with enhanced monitoring, and recovery measures with $177 million settlement fund, recovery measures with free credit monitoring and identity theft protection (up to 3 years), recovery measures with reimbursement for documented losses (up to $7,500 per person), and communication strategy with official settlement website (managed by kroll), communication strategy with public awareness campaigns, communication strategy with social media outreach (e.g., x/twitter), and enhanced monitoring with yes (as part of post-breach security overhauls), and and remediation measures with class action settlement ($177m), remediation measures with free credit/identity monitoring for affected customers, and communication strategy with public disclosure, communication strategy with customer advisories (password changes, 2fa, credit freezing), communication strategy with website updates with detailed breach information, and communication strategy with settlement announcement and extended claims deadline (december 18, 2025), and communication strategy with public disclosure via settlement website, and communication strategy with public disclosure and settlement announcement, and law enforcement notified with yes (hackers arrested), and communication strategy with public disclosure, settlement announcements..
Incident Details
Can you provide details on each incident ?
Title: Data Breach of AT&T Customer Information
Description: A cybersecurity firm intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans corresponding to current and former customers of AT&T.
Type: Data Breach
Attack Vector: Dark Web File-Sharing Site
Title: AT&T Data Breach Incident
Description: AT&T suffered from a data breach incident after a vendor hack that exposed 9 million customers' data. The compromised data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. Information from some wireless accounts, such as the number of lines on an account or wireless rate plan, was made public. The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information.
Type: Data Breach
Attack Vector: Vendor Hack
Title: Salt Typhoon Hacking Campaign
Description: The 'Salt Typhoon' hacking campaign compromised AT&T's telecommunications network, allowing unauthorized access to Americans’ phone calls, text messages, and law enforcement wiretap systems. This blatant exploitation of cybersecurity vulnerabilities led to severe consequences, exposing the personal and operational data to potential misuse by nation-state actors. The aftermath of the breach has prompted regulatory proposals to implement basic cyber defenses and enforce cyber risk-management planning to prevent such extensive breaches in the future. This incident highlights the stark need for higher cybersecurity standards within critical infrastructure sectors.
Type: Hacking Campaign
Threat Actor: Nation-state actors
Title: AT&T Customer Account Breach
Description: The California Office of the Attorney General reported that AT&T experienced unauthorized access to customer accounts between February and July 2014. The breach potentially involved Customer Proprietary Network Information (CPNI), but there is no evidence that Social Security Numbers were compromised. AT&T is offering affected individuals one year of free credit monitoring.
Type: Data Breach
Attack Vector: Unauthorized Access
Title: AT&T Data Breach
Description: The Vermont Office of the Attorney General reported a data breach involving AT&T on July 13, 2023. The breach occurred on or about May 17, 2023, and involved the retention of Personally Identifiable Information (PII) without authorization, including names, addresses, and Social Security numbers. The number of affected individuals is unknown.
Date Detected: 2023-05-17
Date Publicly Disclosed: 2023-07-13
Type: Data Breach
Title: AT&T Mobility Data Breach
Description: Unauthorized access to customer personal identifying information, including Social Security numbers and Customer Proprietary Network Information (CPNI).
Date Detected: 2014-06-10
Date Publicly Disclosed: 2014-06-10
Type: Data Breach
Attack Vector: Unauthorized Access
Title: AT&T Data Breaches Settlement for 72.6 Million Customers
Description: AT&T is offering settlements totaling $177 million for two separate data breaches affecting millions of customers. The first breach (March 30, 2024) exposed sensitive data of 72.6 million customers (7.6 million current and 65 million former) on the dark web, including SSNs, birthdates, phone numbers, addresses, billing numbers, and passcodes. The second breach (disclosed July 12, 2024) involved the theft of telephone and text message data (call records, aggregate call duration, and cell site details) from a cloud platform over six months in 2022. Eligible victims can claim up to $7,500 if affected by both breaches, with deadlines set for November 18, 2024. AT&T denies wrongdoing but settled to avoid litigation.
Date Detected: 2024-03-302022-01-01
Date Publicly Disclosed: 2024-03-302024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Leak (First Breach)Cloud Platform Exploitation (Second Breach)
Title: AT&T Data Breach Settlement (2015–2023)
Description: AT&T is paying out a $177 million settlement after a massive data breach exposed customer names, addresses, and call records. Affected customers (2015–2023) may be eligible for compensation up to $7,500. Claims must be filed by November 18 via www.telecomdatasettlement.com.
Type: Data Breach
Title: AT&T Data Breaches (2019 & 2024)
Description: AT&T was responsible for two of the largest data breaches in history, affecting nearly 200 million people. The breaches occurred in 2019 (involving personal data like Social Security numbers) and 2024 (involving phone records accessed via Snowflake). A $177 million class action settlement was approved in 2025, with payouts for affected individuals.
Date Detected: Breach 2019: 2024-03-01 (disclosed), Breach 2024: 2024-04-01 (detected), 2024-07-01 (disclosed),
Date Publicly Disclosed: Breach 2019: 2024-03-01, Breach 2024: 2024-07-01,
Type: Data Breach (2019)
Attack Vector: Breach 2019: Unknown (data found on dark web), Breach 2024: Unauthorized access to Snowflake cloud data warehouse (credential-based attack by ShinyHunters),
Threat Actor: Breach 2019: Unknown, Breach 2024: ShinyHunters (hacker group; two arrests made).
Motivation: Breach 2019: Likely financial (data sold on dark web), Breach 2024: Financial (data exfiltration for sale or ransom),
Title: AT&T Data Breaches (March & July 2024)
Description: On March 30, 2024, AT&T announced its first data breach affecting ~73 million accounts (7.6M current + 65.4M former customers), exposing PII like SSNs, addresses, and passcodes on the dark web. A second breach on July 12, 2024, involved call/text metadata for 'nearly all' cellular customers (May–Oct 2022). Federal agencies delayed public disclosure due to national security concerns. AT&T agreed to a $177M settlement ($149M for the first breach, $28M for the second), with claims due by Nov 18, 2024.
Date Publicly Disclosed: 2024-03-302024-07-12
Type: Data Breach
Attack Vector: Dark Web Leak (March 2024)Third-Party Cloud Platform Compromise (July 2024)
Title: AT&T Data Breach Settlement for Two Cyber Incidents
Description: A $177 million settlement resolves claims from two separate cyber incidents affecting AT&T customers. The first incident involved compromised personal data, while the second exposed call and text logs tied to the Snowflake ecosystem. Affected customers may qualify for payments up to $7,500, with funds divided into a $149 million pool (for personal data breaches) and a $28 million pool (for call/text log exposures). Claims are managed by Kroll Settlement Administration, with deadlines extended by court order.
Type: Data Breach
Title: AT&T Careers Data Leak by Everest Ransomware Group
Description: The Everest ransomware group claims to hold 576,686 personal records linked to AT&T Careers, the telecom giant’s official job and recruitment platform. The listing appeared on October 21, 2025, on the group's dark web leak site, with a password-protected entry and a four-day countdown before public release. The data may include recruitment, applicant, or employee records. AT&T has not yet publicly confirmed or denied the breach.
Date Detected: 2025-10-21
Date Publicly Disclosed: 2025-10-21
Type: data breach
Threat Actor: Everest ransomware group
Motivation: financial extortiondata theft
Title: AT&T Data Breaches (March & July 2024)
Description: AT&T experienced two major data breaches in 2024. The first, announced on March 30, 2024, affected ~73 million accounts (7.6M current, 65.4M former customers), exposing addresses, Social Security numbers, birthdates, passcodes, billing numbers, and phone numbers via a dark web dataset. The second, announced on July 12, 2024, involved hackers downloading call and text records (excluding content) of 'nearly all' cellular customers and landline interactions from May 1–October 31, 2022, from a third-party cloud platform. Federal agencies (FBI, DOJ) delayed public disclosure due to national security concerns. AT&T agreed to a $177M settlement ($149M for the first breach, $28M for the second), with eligible customers able to claim up to $7,500 in compensation.
Date Publicly Disclosed: 2024-03-302024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Leak (First Breach)Third-Party Cloud Platform Compromise (Second Breach)
Title: AT&T Data Breach Settlement (2024)
Description: AT&T agreed to a $177 million settlement for two major data breaches in 2024 (March and July), exposing millions of customers' sensitive data, including Social Security numbers, birthdates, account details, phone numbers, and call logs. Victims can claim up to $7,500 if filed before November 18, 2025. The settlement covers documented losses, with payouts tiered based on data exposure severity. Claims are processed online or via mail, with payouts expected in 2026 post-court approval.
Date Detected: 2024-03-302024-07-12
Date Publicly Disclosed: 2025-08-01
Type: Data Breach
Title: AT&T 2024 Data Breaches Settlement
Description: AT&T agreed to pay $177 million to victims of two major 2024 data breaches that exposed sensitive customer data, including Social Security numbers and call records. Affected customers must file claims by December 18, 2025, for compensation, with maximum individual payouts reaching $7,500 for those impacted by both incidents. The settlement is one of the largest in telecom history, reflecting the severity of the breaches and the potential risks to affected individuals.
Date Detected: 2024-03-302024-07-12
Type: Data Breach
Attack Vector: Dark Web Data Leak (March 2024)Third-Party Cloud Platform Exploitation (July 2024)
Title: AT&T Data Breaches Settlement (2024)
Description: AT&T Inc. agreed to pay $177 million to resolve claims from two major data breaches in 2024 that compromised the personal information of millions of customers. The breaches, announced in March and July 2024, exposed sensitive data including Social Security numbers, birthdates, and phone records. The settlement covers individuals affected by either the 'AT&T 1 Data Incident' or the 'AT&T 2 Data Incident,' with claims reaching up to $7,500 per person. The deal includes provisions for free credit monitoring and identity theft protection, alongside commitments to enhance data security measures such as improved encryption and monitoring.
Date Publicly Disclosed: March 2024July 2024
Type: Data Breach
Vulnerability Exploited: Outdated security protocolsSophisticated hacking attempts
Title: AT&T Data Breach Settlement
Description: AT&T is set to pay a $177 million class action settlement after two alleged data breaches where sensitive customer data was released on the dark web. The breaches exposed customer information, including highly sensitive personal details like Social Security numbers, financial data, and other personally identifiable information (PII). Customers were advised to change passwords, enable 2FA, monitor financial accounts, and consider freezing their credit if their SSN was compromised. AT&T offered free credit or identity monitoring services to affected individuals.
Type: Data Breach
Motivation: Financial GainData Theft
Title: AT&T Data Breaches Settlement
Description: Millions of AT&T customers may be entitled to receive up to $7,500 after the company was ordered to pay $177 million in a settlement related to two major data breaches. The deadline to submit claims has been extended to December 18, 2025, giving customers additional time to apply.
Type: Data Breach
Title: AT&T Data Breach Settlement
Description: AT&T faced two major data breaches in 2024, exposing personal information and call/text records of millions of customers. The breaches led to a $177 million settlement with a deadline for claims on December 18, 2024.
Date Detected: 2024-03-01
Type: Data Breach
Attack Vector: Third-party cloud platform compromise
Title: AT&T Data Breaches Settlement
Description: Millions of AT&T customers were affected by two data breaches in 2019 and 2024, leading to the exposure of personal information. AT&T was ordered to pay $177 million in a settlement, with affected customers eligible for compensation up to $7,500.
Date Detected: March 2024
Date Publicly Disclosed: March 2024
Type: Data Breach
Title: AT&T Data Breaches Settlement (2019 & 2024)
Description: AT&T faced two major data breaches in 2019 and 2024, leading to a $177 million settlement. The 2019 breach exposed personal data of 51 million users, while the 2024 breach involved unauthorized access to call and text records via a third-party cloud storage provider.
Date Detected: 2024-03
Date Publicly Disclosed: 2024-03
Type: Data Breach
Attack Vector: Third-party compromise (Snowflake)Exploited data leak
Threat Actor: CybercriminalsAlleged hackers (arrested)
Motivation: Financial gainData exploitation
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Dark Web File-Sharing Site, Breach 2019: Unknown (dark web leak), Breach 2024: Compromised Snowflake credentials (likely via ShinyHunters), , Third-party cloud platform and Third-party cloud storage (Snowflake).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ATT2145281022
Data Compromised: Names, Addresses, Email addresses, Phone numbers, Social security numbers, Dates of birth
Incident : Data Breach ATT41910723
Data Compromised: Customer first names, Wireless account numbers, Wireless phone numbers, Email addresses, Number of lines on an account, Wireless rate plan
Incident : Hacking Campaign ATT000011825
Data Compromised: Phone calls, Text messages, Law enforcement wiretap systems
Incident : Data Breach ATT025072625
Data Compromised: Customer proprietary network information (cpni)
Incident : Data Breach ATT252072925
Data Compromised: Names, Addresses, Social security numbers
Incident : Data Breach ATT444072925
Data Compromised: Social security numbers, Customer proprietary network information (cpni)
Incident : Data Breach ATT4065240090625
Financial Loss: $177 million (settlement funds: $149M + $28M)
Data Compromised: Social security numbers (ssns), Birthdates, Phone numbers, Addresses, Billing numbers, Passcodes, Call records (phone numbers, aggregate call duration, cell site details)
Systems Affected: Customer Databases (First Breach)Cloud Platform (Second Breach)
Customer Complaints: Expected (class-action lawsuits filed)
Brand Reputation Impact: Moderate to High (public disclosure, settlements, and potential loss of customer trust)
Legal Liabilities: Class-action lawsuits settled; AT&T denies wrongdoing but agreed to payouts to avoid litigation
Identity Theft Risk: High (SSNs and personal data exposed in first breach)
Payment Information Risk: Moderate (billing numbers and passcodes exposed)
Incident : Data Breach ATT2892228093025
Financial Loss: $177 million (settlement payout)
Data Compromised: Customer names, Addresses, Call records
Brand Reputation Impact: Potential reputational damage due to breach and settlement
Legal Liabilities: $177 million settlement
Identity Theft Risk: Possible (due to exposed PII)
Incident : Data Breach (2019) ATT3362133100925
Financial Loss: $177 million (settlement payout: $149M for 2019 breach, $28M for 2024 breach)
Data Compromised: Breach 2019: 73 million records (7.6M current + 65.4M former customers), Breach 2024: 109 million records (phone records from 2022),
Systems Affected: Breach 2019: AT&T customer databases, Breach 2024: Snowflake cloud data warehouse.
Operational Impact: Password resets for 7.6M current customers (2019)Legal and settlement administration overhead
Customer Complaints: Multiple lawsuits consolidated into class action
Brand Reputation Impact: Significant (one of the largest breaches in history; public distrust)
Legal Liabilities: $177 million settlement + potential regulatory fines
Identity Theft Risk: [{'breach_2019': 'High (SSNs, birth dates, legal names exposed)', 'breach_2024': 'Moderate (phone records, call logs)'}]
Incident : Data Breach ATT4692046101025
Data Compromised: Addresses, Social security numbers, Birthdates, Passcodes, Billing numbers, Phone numbers, Call/text metadata (may 1, 2022 – oct 31, 2022)
Systems Affected: Customer DatabasesThird-Party Cloud Platform
Brand Reputation Impact: High (Class-action lawsuits, regulatory scrutiny)
Legal Liabilities: $177M settlement (pending court approval)
Identity Theft Risk: High (SSNs, PII exposed)
Payment Information Risk: Low (No payment card data confirmed)
Incident : Data Breach ATT0092600102125
Financial Loss: Up to $7,500 per affected customer (settlement payouts)
Data Compromised: Personal data (e.g., names, contact info), Call and text logs
Revenue Loss: $177 million (settlement cost)
Brand Reputation Impact: High (due to sensitive telecom data exposure and regulatory scrutiny)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (potential for account takeovers, phishing, and identity theft)
Incident : data breach ATT2192021102425
Data Compromised: Personal records (576,686), Potential recruitment/applicant/employee data
Systems Affected: AT&T Careers platform (job and recruitment portal)
Brand Reputation Impact: Potential reputational damage due to repeated breaches and lack of immediate public response
Identity Theft Risk: High (if records include PII like resumes, contact details, or SSNs)
Incident : Data Breach ATT5202352111325
Financial Loss: $177 million (settlement total)
Data Compromised: Breach 1: Addresses, Social Security numbers, Birthdates, Passcodes, Billing numbers, Phone numbers, Breach 2: Call records (metadata), Text records (metadata),
Systems Affected: Customer databases (First Breach)Third-party cloud platform (Second Breach)
Customer Complaints: Multiple state/federal lawsuits filed
Brand Reputation Impact: Significant (class-action lawsuits, regulatory scrutiny)
Legal Liabilities: $177 million settlement (pending court approval)
Identity Theft Risk: High (for first breach, due to SSN exposure)
Payment Information Risk: Moderate (billing numbers exposed in first breach)
Incident : Data Breach ATT4392343111325
Financial Loss: $177 million (settlement amount)
Data Compromised: Social security numbers, Birthdates, Names, Addresses, Email ids, Phone numbers, Billing account numbers, Account passcodes, Call logs, Interaction counts, Call frequencies, Cell site ids
Customer Complaints: Millions of affected customers
Brand Reputation Impact: Significant (class-action settlement, public disclosure)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (SSNs, PII exposed)
Payment Information Risk: Moderate (billing account numbers exposed)
Incident : Data Breach ATT1803418111425
Financial Loss: $177 million (settlement fund)
Data Compromised: Names, Addresses, Phone numbers, Email addresses, Dates of birth, Account passcodes, Billing numbers, Social security numbers (ssns), Call records (telephone numbers interacted with, call frequency, cell site identification numbers)
Systems Affected: AT&T customer databasesThird-party cloud platform (July 2024 breach)
Customer Complaints: Class action lawsuits consolidated in federal court
Brand Reputation Impact: Significant; one of the largest payouts in telecom history, reflecting severe public and legal scrutiny
Legal Liabilities: $177 million settlement, class action lawsuits
Identity Theft Risk: High (due to exposure of SSNs and personal data)
Payment Information Risk: Moderate (billing numbers exposed)
Incident : Data Breach ATT0893608111425
Financial Loss: $177 million (settlement amount)
Data Compromised: Social security numbers, Birthdates, Phone records, At&t-specific fields (march breach), Phone numbers (july breach)
Brand Reputation Impact: Significant; public scrutiny and loss of trust
Legal Liabilities: Multidistrict litigation consolidated under Judge Ada E. Brown; one of the largest telecom-related settlements in recent years
Identity Theft Risk: High; exposed data includes sensitive PII vulnerable to identity theft and fraud
Incident : Data Breach ATT3032030111625
Financial Loss: $177 million (settlement amount)
Customer Complaints: True
Brand Reputation Impact: High (due to public disclosure and settlement)
Legal Liabilities: $177 million settlement
Identity Theft Risk: High (SSNs and financial data exposed)
Payment Information Risk: High (financial data compromised)
Incident : Data Breach ATT1764635319
Financial Loss: $177 million (settlement amount)
Brand Reputation Impact: Potential negative impact due to data breaches and settlement
Legal Liabilities: $177 million settlement
Identity Theft Risk: Likely (given customer data exposure)
Incident : Data Breach ATT1764781901
Financial Loss: $177 million settlement
Data Compromised: Personal information, call and text records
Systems Affected: Third-party cloud platform workspace
Brand Reputation Impact: Significant
Legal Liabilities: Multiple lawsuits consolidated into settlement
Identity Theft Risk: High
Incident : Data Breach ATT1764820523
Financial Loss: $177 million settlement
Data Compromised: Personal information including Social Security numbers, birth dates, and legal names
Brand Reputation Impact: Yes
Legal Liabilities: Yes
Identity Theft Risk: Yes
Incident : Data Breach ATT1765044347
Financial Loss: $177 million settlement
Data Compromised: Personal data (names, ssns, dobs), Call and text records
Systems Affected: Customer databaseCloud storage (Snowflake)
Brand Reputation Impact: Class-action lawsuits alleging corporate neglect
Legal Liabilities: Class-action lawsuits, regulatory fines
Identity Theft Risk: High (SSNs, DOBs exposed)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $101.14 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Email Addresses, Phone Numbers, Social Security Numbers, Dates Of Birth, , Customer First Names, Wireless Account Numbers, Wireless Phone Numbers, Email Addresses, Number Of Lines On An Account, Wireless Rate Plan, , Phone Calls, Text Messages, Law Enforcement Wiretap Systems, , Customer Proprietary Network Information (Cpni), , Pii, , Social Security Numbers, Customer Proprietary Network Information (Cpni), , Personally Identifiable Information (Pii), Call Records, Telecommunications Metadata, , Personally Identifiable Information (Pii), Call Records, , Breach 2019: PII (Social Security numbers, birth dates, legal names), Breach 2024: Phone records (call logs, metadata from 2022), , Personally Identifiable Information (Pii), Call/Text Metadata, , Personal Data (E.G., Names, Contact Info), Call And Text Logs, , Personal Records, Recruitment Data, Applicant/Employee Information, , Personally Identifiable Information (Pii), Telecommunications Metadata, , Personally Identifiable Information (Pii), Financial Data (Billing Account Numbers), Telecom Metadata (Call Logs, Cell Site Ids), , Personally Identifiable Information (Pii), Call Records And Metadata, , Personally Identifiable Information (Pii), Social Security Numbers, Birthdates, Phone Records, Phone Numbers, , Personally Identifiable Information (Pii), Social Security Numbers (Ssns), Financial Data, Email Addresses, Phone Numbers, Medical Information (Potential), , Personal Information, Call And Text Records, , Social Security Numbers, Birth Dates, Legal Names, , Personal Data (Names, Ssns, Dobs), Call And Text Records and .
Which entities were affected by each incident ?
Incident : Data Breach ATT2145281022
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: 21 states in the US
Customers Affected: 23 million
Incident : Data Breach ATT41910723
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Customers Affected: 9 million
Incident : Hacking Campaign ATT000011825
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach ATT025072625
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Incident : Data Breach ATT252072925
Entity Name: AT&T
Entity Type: Corporation
Industry: Telecommunications
Incident : Data Breach ATT444072925
Entity Name: AT&T Mobility, LLC
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Incident : Data Breach ATT4065240090625
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States (Nationwide, including Kansas)
Size: Large (Tens of millions of current/former customers)
Customers Affected: 72.6 million (7.6 million current + 65 million former)
Incident : Data Breach ATT2892228093025
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (Fortune 500)
Customers Affected: Customers between 2015 and 2023 (exact number unspecified)
Incident : Data Breach (2019) ATT3362133100925
Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: United States
Size: Large (Fortune 500)
Customers Affected: ~200 million (73M in 2019, 109M in 2024; overlap possible)
Incident : Data Breach (2019) ATT3362133100925
Entity Name: Snowflake (2024 breach only)
Entity Type: Cloud Data Warehouse Provider
Industry: Technology
Location: United States
Size: Large
Customers Affected: AT&T's 109M US customers (indirectly)
Incident : Data Breach ATT4692046101025
Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: Dallas, Texas, USA
Size: Large (Millions of customers)
Customers Affected: 73,000,000 (March 2024); 'Nearly all' cellular customers (July 2024)
Incident : Data Breach ATT0092600102125
Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: United States
Size: Large (multinational corporation)
Customers Affected: Current and past AT&T customers (exact number unspecified)
Incident : data breach ATT2192021102425
Entity Name: AT&T
Entity Type: corporation
Industry: telecommunications
Location: United States
Size: large (global enterprise)
Customers Affected: 576,686 (potential applicants/employees)
Incident : Data Breach ATT5202352111325
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: Dallas, Texas, USA
Size: Large (millions of customers)
Customers Affected: ~73 million (first breach), 'nearly all' cellular customers (second breach)
Incident : Data Breach ATT5202352111325
Entity Name: Mobile Virtual Network Operators (MVNOs) using AT&T's network
Entity Type: Telecommunications Providers
Industry: Telecommunications
Location: USA
Customers Affected: Included in second breach
Incident : Data Breach ATT5202352111325
Entity Name: AT&T Landline Customers
Entity Type: Telecommunications Customers
Location: USA
Customers Affected: Interacted with cellular numbers during May 1–October 31, 2022 (second breach)
Incident : Data Breach ATT4392343111325
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecom
Location: United States
Size: Large (millions of customers)
Customers Affected: Millions
Incident : Data Breach ATT1803418111425
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (millions of customers affected)
Customers Affected: Millions (exact number unspecified)
Incident : Data Breach ATT0893608111425
Entity Name: AT&T Inc.
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (millions of customers affected)
Customers Affected: Nearly all of AT&T’s customer base at the time (millions)
Incident : Data Breach ATT3032030111625
Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecommunications
Location: United States
Incident : Data Breach ATT1764635319
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Size: Large (multinational corporation)
Customers Affected: Millions
Incident : Data Breach ATT1764781901
Entity Name: AT&T
Entity Type: Corporation
Industry: Telecommunications
Location: United States
Size: Large
Customers Affected: 110 million (current and former)
Incident : Data Breach ATT1764820523
Entity Name: AT&T
Entity Type: Corporation
Industry: Telecommunications
Customers Affected: 73 million (7.6 million current and 65.4 million former account holders)
Incident : Data Breach ATT1765044347
Entity Name: AT&T
Entity Type: Corporation
Industry: Telecommunications
Location: United States
Size: Large
Customers Affected: 51 million (2019 breach), nearly all customers (2024 breach)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ATT025072625
Remediation Measures: Offering one year of free credit monitoring
Incident : Data Breach ATT4065240090625
Incident Response Plan Activated: Yes (settlement process initiated)
Third Party Assistance: Kroll Settlement Administration (court-appointed administrator)
Recovery Measures: Settlement funds ($177M) for affected customers
Communication Strategy: Email notifications ([email protected]) and public announcements via news releases
Incident : Data Breach ATT2892228093025
Communication Strategy: Public settlement announcement and claim process via www.telecomdatasettlement.com
Incident : Data Breach (2019) ATT3362133100925
Incident Response Plan Activated: Yes (password resets for 2019 breach; legal coordination for both)
Third Party Assistance: Kroll Settlement Administration (Claims Management), Law Firms (Class Action Settlement).
Law Enforcement Notified: Yes (two arrests made for 2024 breach)
Containment Measures: Breach 2019: Password resets for affected current customers, Breach 2024: Snowflake access revoked; investigation into credential compromise,
Remediation Measures: $177M settlement fundEnhanced monitoring (assumed)
Recovery Measures: Class action settlement website (telecomdatasettlement.com)Customer notifications via email
Communication Strategy: Public disclosures (2024-03 and 2024-07)Dedicated settlement websiteCustomer notifications with Class Member IDs
Enhanced Monitoring: Likely (not explicitly stated)
Incident : Data Breach ATT4692046101025
Incident Response Plan Activated: Yes (Collaboration with FBI/DOJ)
Law Enforcement Notified: Yes (FBI, DOJ)
Communication Strategy: Delayed disclosure (national security concerns); Customer notifications via email (Kroll Settlement Administration)
Incident : Data Breach ATT0092600102125
Third Party Assistance: Kroll Settlement Administration (Claims Management).
Remediation Measures: Settlement funds for affected customersExtended claim-filing deadlines
Communication Strategy: Official notices via email/snail mail ([email protected])Dedicated settlement websiteCustomer support hotline (833-890-4930)
Incident : Data Breach ATT5202352111325
Incident Response Plan Activated: Yes (collaboration with FBI/DOJ)
Law Enforcement Notified: Yes (FBI, DOJ involved in delay decision)
Communication Strategy: Public announcements (March 30, July 12, 2024)Email notifications via Kroll Settlement AdministrationSettlement website for claims
Incident : Data Breach ATT4392343111325
Incident Response Plan Activated: Yes (settlement process initiated)
Third Party Assistance: Kroll Settlement Administration (claims processing)
Recovery Measures: Settlement payouts to victims
Communication Strategy: Public disclosure, official settlement website, customer notifications
Incident : Data Breach ATT1803418111425
Incident Response Plan Activated: Yes (settlement process initiated)
Recovery Measures: Settlement fund of $177 million for affected customers
Communication Strategy: Public advisories, official settlement website, media coverage (e.g., Rolling Out, PIX11)
Incident : Data Breach ATT0893608111425
Incident Response Plan Activated: Yes (as part of settlement terms)
Third Party Assistance: Kroll Settlement Administration (managing settlement claims)
Remediation Measures: Improved encryptionEnhanced monitoring
Recovery Measures: $177 million settlement fundFree credit monitoring and identity theft protection (up to 3 years)Reimbursement for documented losses (up to $7,500 per person)
Communication Strategy: Official settlement website (managed by Kroll)Public awareness campaignsSocial media outreach (e.g., X/Twitter)
Enhanced Monitoring: Yes (as part of post-breach security overhauls)
Incident : Data Breach ATT3032030111625
Incident Response Plan Activated: True
Remediation Measures: Class action settlement ($177M)Free credit/identity monitoring for affected customers
Communication Strategy: Public disclosureCustomer advisories (password changes, 2FA, credit freezing)Website updates with detailed breach information
Incident : Data Breach ATT1764635319
Communication Strategy: Settlement announcement and extended claims deadline (December 18, 2025)
Incident : Data Breach ATT1764781901
Communication Strategy: Public disclosure via settlement website
Incident : Data Breach ATT1764820523
Communication Strategy: Public disclosure and settlement announcement
Incident : Data Breach ATT1765044347
Law Enforcement Notified: Yes (hackers arrested)
Communication Strategy: Public disclosure, settlement announcements
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (settlement process initiated), Yes (password resets for 2019 breach; legal coordination for both), Yes (Collaboration with FBI/DOJ), Yes (collaboration with FBI/DOJ), Yes (settlement process initiated), Yes (settlement process initiated), Yes (as part of settlement terms), .
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll Settlement Administration (court-appointed administrator), Kroll Settlement Administration (claims management), Law firms (class action settlement), , Kroll Settlement Administration (claims management), , Kroll Settlement Administration (claims processing), Kroll Settlement Administration (managing settlement claims).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ATT2145281022
Type of Data Compromised: Names, Addresses, Email addresses, Phone numbers, Social security numbers, Dates of birth
Number of Records Exposed: 28.5 million
Sensitivity of Data: High
Data Exfiltration: Yes
File Types Exposed: dbfull
Personally Identifiable Information: Yes
Incident : Data Breach ATT41910723
Type of Data Compromised: Customer first names, Wireless account numbers, Wireless phone numbers, Email addresses, Number of lines on an account, Wireless rate plan
Number of Records Exposed: 9 million
Sensitivity of Data: Low
Personally Identifiable Information: customer first nameswireless phone numbersemail addresses
Incident : Hacking Campaign ATT000011825
Type of Data Compromised: Phone calls, Text messages, Law enforcement wiretap systems
Incident : Data Breach ATT025072625
Type of Data Compromised: Customer proprietary network information (cpni)
Incident : Data Breach ATT252072925
Type of Data Compromised: Pii
Sensitivity of Data: High
Personally Identifiable Information: namesaddressesSocial Security numbers
Incident : Data Breach ATT444072925
Type of Data Compromised: Social security numbers, Customer proprietary network information (cpni)
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Data Breach ATT4065240090625
Type of Data Compromised: Personally identifiable information (pii), Call records, Telecommunications metadata
Number of Records Exposed: 72.6 million (first breach) + unspecified (second breach, 6 months of call/text data in 2022)
Sensitivity of Data: High (SSNs, passcodes, call records)
Data Exfiltration: Yes (dark web leak for first breach; cloud platform access for second breach)
Personally Identifiable Information: Yes (SSNs, birthdates, addresses, phone numbers)
Incident : Data Breach ATT2892228093025
Type of Data Compromised: Personally identifiable information (pii), Call records
Sensitivity of Data: High (includes names, addresses, call records)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (names, addresses)
Incident : Data Breach (2019) ATT3362133100925
Type of Data Compromised: Breach 2019: PII (Social Security numbers, birth dates, legal names), Breach 2024: Phone records (call logs, metadata from 2022),
Number of Records Exposed: {'breach_2019': '73,000,000', 'breach_2024': '109,000,000'}
Sensitivity of Data: Breach 2019: High (SSNs, full names, birth dates), Breach 2024: Moderate (phone records, no financial data),
Data Exfiltration: Breach 2019: Yes (data found on dark web), Breach 2024: Yes (accessed via Snowflake),
File Types Exposed: Breach 2019: Database records (structured), Breach 2024: Call detail records (CDRs), logs,
Personally Identifiable Information: Breach 2019: Yes (SSNs, names, birth dates), Breach 2024: Indirect (phone numbers, call metadata),
Incident : Data Breach ATT4692046101025
Type of Data Compromised: Personally identifiable information (pii), Call/text metadata
Number of Records Exposed: 73,000,000 (March 2024), 'Nearly all' cellular customers (July 2024)
Sensitivity of Data: High (SSNs, PII)
Data Exfiltration: Yes (Dark web leak; third-party cloud download)
Personally Identifiable Information: Social Security NumbersAddressesBirthdatesPhone Numbers
Incident : Data Breach ATT0092600102125
Type of Data Compromised: Personal data (e.g., names, contact info), Call and text logs
Sensitivity of Data: High (telecom data linked to identity theft risks)
Data Exfiltration: Yes (confirmed in both incidents)
Personally Identifiable Information: Yes
Incident : data breach ATT2192021102425
Type of Data Compromised: Personal records, Recruitment data, Applicant/employee information
Number of Records Exposed: 576,686
Sensitivity of Data: High (potentially includes resumes, PII, career-related documents)
Data Exfiltration: Claimed by Everest ransomware group
Personally Identifiable Information: Likely (e.g., names, contact details, resumes, possibly SSNs)
Incident : Data Breach ATT5202352111325
Type of Data Compromised: Personally identifiable information (pii), Telecommunications metadata
Number of Records Exposed: ~73 million (first breach), 'Nearly all' cellular customers (second breach)
Sensitivity of Data: High (SSNs, passcodes in first breach; call/text metadata in second)
Data Exfiltration: Yes (dark web dataset in first breach; third-party cloud in second)
Personally Identifiable Information: Social Security numbersAddressesBirthdatesPhone numbers
Incident : Data Breach ATT4392343111325
Type of Data Compromised: Personally identifiable information (pii), Financial data (billing account numbers), Telecom metadata (call logs, cell site ids)
Number of Records Exposed: Millions
Sensitivity of Data: High (SSNs, PII, account credentials)
Data Exfiltration: Yes (data appeared on dark web)
Personally Identifiable Information: Social Security numbersNamesAddressesBirthdatesEmail IDsPhone numbersAccount passcodes
Incident : Data Breach ATT1803418111425
Type of Data Compromised: Personally identifiable information (pii), Call records and metadata
Number of Records Exposed: Millions (exact number unspecified)
Sensitivity of Data: High (includes SSNs, call records, and account details)
Data Exfiltration: Yes (data appeared on the dark web in March 2024; call records downloaded in July 2024)
Personally Identifiable Information: NamesAddressesPhone numbersEmail addressesDates of birthAccount passcodesSocial Security numbers (SSNs)
Incident : Data Breach ATT0893608111425
Type of Data Compromised: Personally identifiable information (pii), Social security numbers, Birthdates, Phone records, Phone numbers
Number of Records Exposed: Millions (nearly all of AT&T’s customer base)
Sensitivity of Data: High (includes SSNs and other PII)
Data Exfiltration: Yes (data leaked on dark web in March; illegally downloaded in July)
Data Encryption: Likely inadequate (as part of outdated security protocols)
Personally Identifiable Information: Yes (SSNs, birthdates, phone records, etc.)
Incident : Data Breach ATT3032030111625
Type of Data Compromised: Personally identifiable information (pii), Social security numbers (ssns), Financial data, Email addresses, Phone numbers, Medical information (potential)
Sensitivity of Data: High (includes SSNs, financial data)
Incident : Data Breach ATT1764635319
Personally Identifiable Information: Likely (given settlement context)
Incident : Data Breach ATT1764781901
Type of Data Compromised: Personal information, Call and text records
Number of Records Exposed: 73 million (first breach), 110 million (second breach)
Sensitivity of Data: High (SSNs, passcodes, billing details, call/text records)
Data Exfiltration: Yes (dark web release)
Personally Identifiable Information: AddressesDates of birthSocial Security numbersPasscodesBilling account numbers
Incident : Data Breach ATT1764820523
Type of Data Compromised: Social security numbers, Birth dates, Legal names
Number of Records Exposed: 73 million
Sensitivity of Data: High
Data Exfiltration: Yes (dark web)
Personally Identifiable Information: Yes
Incident : Data Breach ATT1765044347
Type of Data Compromised: Personal data (names, ssns, dobs), Call and text records
Number of Records Exposed: 51 million (2019), nearly all customers (2024)
Sensitivity of Data: High (SSNs, DOBs)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (SSNs, DOBs)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offering one year of free credit monitoring, , $177M settlement fund, Enhanced monitoring (assumed), , Settlement funds for affected customers, Extended claim-filing deadlines, , Improved encryption, Enhanced monitoring, , Class action settlement ($177M), Free credit/identity monitoring for affected customers, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by breach_2019: password resets for affected current customers, breach_2024: snowflake access revoked; investigation into credential compromise and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach ATT4065240090625
Data Exfiltration: Yes (first breach: dark web; second breach: cloud platform)
Incident : Data Breach (2019) ATT3362133100925
Data Exfiltration: [{'breach_2019': 'Yes (dark web sale)', 'breach_2024': 'Yes (accessed via Snowflake)'}]
Incident : data breach ATT2192021102425
Ransomware Strain: Everest
Data Exfiltration: Claimed (576,686 records)
Incident : Data Breach ATT5202352111325
Data Exfiltration: Yes (second breach via third-party cloud)
Incident : Data Breach ATT3032030111625
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Settlement funds ($177M) for affected customers, Class action settlement website (telecomdatasettlement.com), Customer notifications via email, , Settlement payouts to victims, Settlement fund of $177 million for affected customers, $177 million settlement fund, Free credit monitoring and identity theft protection (up to 3 years), Reimbursement for documented losses (up to $7,500 per person), .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach ATT4065240090625
Legal Actions: Class-action lawsuits settled (no admission of wrongdoing)
Incident : Data Breach ATT2892228093025
Legal Actions: Class-action settlement ($177 million)
Incident : Data Breach (2019) ATT3362133100925
Legal Actions: Class action lawsuits consolidated (settled for $177M), Two arrests for 2024 breach,
Incident : Data Breach ATT4692046101025
Fines Imposed: $177M settlement (proposed)
Legal Actions: Class-action lawsuits (two consolidated cases)
Regulatory Notifications: FBI, DOJ (collaborative delay for national security)
Incident : Data Breach ATT0092600102125
Fines Imposed: $177 million (settlement, not a fine)
Legal Actions: Class-action lawsuit settlement,
Incident : Data Breach ATT5202352111325
Fines Imposed: $177 million (settlement, not a fine)
Legal Actions: Class-action lawsuits (two consolidated cases), Federal/state lawsuits,
Regulatory Notifications: Delayed per FBI/DOJ request (national security concerns)
Incident : Data Breach ATT4392343111325
Fines Imposed: $177 million (settlement)
Legal Actions: Class-action lawsuit settled
Incident : Data Breach ATT1803418111425
Legal Actions: Class action lawsuits consolidated in federal court; settlement approved pending final hearing (January 15, 2026)
Incident : Data Breach ATT0893608111425
Fines Imposed: $177 million (settlement amount, not a fine)
Legal Actions: Class-action lawsuit; multidistrict litigation
Incident : Data Breach ATT3032030111625
Fines Imposed: $177 million (settlement, not a fine)
Legal Actions: Class action lawsuit,
Incident : Data Breach ATT1764635319
Fines Imposed: $177 million (settlement)
Legal Actions: Class-action lawsuit settlement
Incident : Data Breach ATT1764781901
Legal Actions: Multiple lawsuits consolidated in U.S. Northern District Court of Texas
Incident : Data Breach ATT1764820523
Legal Actions: Court-ordered settlement
Incident : Data Breach ATT1765044347
Legal Actions: Class-action lawsuits,
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class-action lawsuits settled (no admission of wrongdoing), Class-action settlement ($177 million), Class action lawsuits consolidated (settled for $177M), Two arrests for 2024 breach, , Class-action lawsuits (two consolidated cases), Class-action lawsuit settlement, , Class-action lawsuits (two consolidated cases), Federal/state lawsuits, , Class-action lawsuit settled, Class action lawsuits consolidated in federal court; settlement approved pending final hearing (January 15, 2026), Class-action lawsuit; multidistrict litigation, Class action lawsuit, , Class-action lawsuit settlement, Multiple lawsuits consolidated in U.S. Northern District Court of Texas, Court-ordered settlement, Class-action lawsuits, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Hacking Campaign ATT000011825
Lessons Learned: The need for higher cybersecurity standards within critical infrastructure sectors.
Incident : Data Breach (2019) ATT3362133100925
Lessons Learned: Delayed disclosure (2019 breach revealed 5 years later) erodes trust., Third-party risks (Snowflake) require stricter access controls and monitoring., Proactive password resets can mitigate post-breach risks., Class action settlements are costly but necessary for large-scale breaches.
Incident : Data Breach ATT0092600102125
Lessons Learned: Telecom data breaches can have severe privacy implications, including identity theft and phishing risks. Proactive customer compensation and transparent communication are critical for mitigating reputational and financial damage.
Incident : Data Breach ATT1803418111425
Lessons Learned: The settlement highlights the critical need for stronger data security measures, corporate accountability, and proactive customer protection in the digital age. The scale of the payout underscores the growing legal and financial risks associated with data breaches, particularly when sensitive information like SSNs is exposed.
Incident : Data Breach ATT0893608111425
Lessons Learned: Legacy systems in telecommunications are highly vulnerable to sophisticated cyber threats., Proactive investments in zero-trust architectures and AI-driven threat detection are critical., Settlements, while costly, may not fully deter negligence if penalties are proportionally small compared to corporate revenues., Public awareness campaigns are essential to ensure affected individuals file claims.
Incident : Data Breach ATT3032030111625
Lessons Learned: Immediate password changes and 2FA enablement are critical post-breach., Proactive financial monitoring and credit freezing mitigate identity theft risks., Companies should provide clear, detailed breach notifications to guide customer actions., Free monitoring services help victims detect fraud early., Follow-up scams targeting breach victims are common; verification of communications is essential.
What recommendations were made to prevent future incidents ?
Incident : Hacking Campaign ATT000011825
Recommendations: Implement basic cyber defenses and enforce cyber risk-management planning.
Incident : Data Breach (2019) ATT3362133100925
Recommendations: Implement zero-trust architecture for third-party cloud providers., Enhance dark web monitoring for leaked credentials/data., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Conduct regular audits of third-party vendor security practices., Offer credit monitoring for victims of PII exposure.Implement zero-trust architecture for third-party cloud providers., Enhance dark web monitoring for leaked credentials/data., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Conduct regular audits of third-party vendor security practices., Offer credit monitoring for victims of PII exposure.Implement zero-trust architecture for third-party cloud providers., Enhance dark web monitoring for leaked credentials/data., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Conduct regular audits of third-party vendor security practices., Offer credit monitoring for victims of PII exposure.Implement zero-trust architecture for third-party cloud providers., Enhance dark web monitoring for leaked credentials/data., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Conduct regular audits of third-party vendor security practices., Offer credit monitoring for victims of PII exposure.Implement zero-trust architecture for third-party cloud providers., Enhance dark web monitoring for leaked credentials/data., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Conduct regular audits of third-party vendor security practices., Offer credit monitoring for victims of PII exposure.
Incident : Data Breach ATT0092600102125
Recommendations: File claims promptly with Kroll Settlement Administration to maximize payout eligibility., Document out-of-pocket losses (e.g., credit monitoring, fraud fees) to strengthen claims., Monitor official communications ([email protected]) and avoid phishing scams., Advocate for stronger data protection measures in the telecom industry.File claims promptly with Kroll Settlement Administration to maximize payout eligibility., Document out-of-pocket losses (e.g., credit monitoring, fraud fees) to strengthen claims., Monitor official communications ([email protected]) and avoid phishing scams., Advocate for stronger data protection measures in the telecom industry.File claims promptly with Kroll Settlement Administration to maximize payout eligibility., Document out-of-pocket losses (e.g., credit monitoring, fraud fees) to strengthen claims., Monitor official communications ([email protected]) and avoid phishing scams., Advocate for stronger data protection measures in the telecom industry.File claims promptly with Kroll Settlement Administration to maximize payout eligibility., Document out-of-pocket losses (e.g., credit monitoring, fraud fees) to strengthen claims., Monitor official communications ([email protected]) and avoid phishing scams., Advocate for stronger data protection measures in the telecom industry.
Incident : data breach ATT2192021102425
Recommendations: Change AT&T account passwords and avoid reuse elsewhere., Enable multi-factor authentication (MFA) on all accounts., Monitor financial statements, credit files, and communications for suspicious activity., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Follow official AT&T channels for notifications, not unsolicited links., AT&T should investigate third-party vendor risks as a potential breach source.Change AT&T account passwords and avoid reuse elsewhere., Enable multi-factor authentication (MFA) on all accounts., Monitor financial statements, credit files, and communications for suspicious activity., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Follow official AT&T channels for notifications, not unsolicited links., AT&T should investigate third-party vendor risks as a potential breach source.Change AT&T account passwords and avoid reuse elsewhere., Enable multi-factor authentication (MFA) on all accounts., Monitor financial statements, credit files, and communications for suspicious activity., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Follow official AT&T channels for notifications, not unsolicited links., AT&T should investigate third-party vendor risks as a potential breach source.Change AT&T account passwords and avoid reuse elsewhere., Enable multi-factor authentication (MFA) on all accounts., Monitor financial statements, credit files, and communications for suspicious activity., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Follow official AT&T channels for notifications, not unsolicited links., AT&T should investigate third-party vendor risks as a potential breach source.Change AT&T account passwords and avoid reuse elsewhere., Enable multi-factor authentication (MFA) on all accounts., Monitor financial statements, credit files, and communications for suspicious activity., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Follow official AT&T channels for notifications, not unsolicited links., AT&T should investigate third-party vendor risks as a potential breach source.Change AT&T account passwords and avoid reuse elsewhere., Enable multi-factor authentication (MFA) on all accounts., Monitor financial statements, credit files, and communications for suspicious activity., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Follow official AT&T channels for notifications, not unsolicited links., AT&T should investigate third-party vendor risks as a potential breach source.
Incident : Data Breach ATT1803418111425
Recommendations: Enhance data encryption and access controls, especially for third-party cloud platforms., Implement stricter monitoring for dark web leaks and unauthorized data access., Improve incident response transparency and timeliness in public disclosures., Provide affected customers with long-term identity theft protection and credit monitoring services., Strengthen compliance with data protection regulations to mitigate future legal and financial risks.Enhance data encryption and access controls, especially for third-party cloud platforms., Implement stricter monitoring for dark web leaks and unauthorized data access., Improve incident response transparency and timeliness in public disclosures., Provide affected customers with long-term identity theft protection and credit monitoring services., Strengthen compliance with data protection regulations to mitigate future legal and financial risks.Enhance data encryption and access controls, especially for third-party cloud platforms., Implement stricter monitoring for dark web leaks and unauthorized data access., Improve incident response transparency and timeliness in public disclosures., Provide affected customers with long-term identity theft protection and credit monitoring services., Strengthen compliance with data protection regulations to mitigate future legal and financial risks.Enhance data encryption and access controls, especially for third-party cloud platforms., Implement stricter monitoring for dark web leaks and unauthorized data access., Improve incident response transparency and timeliness in public disclosures., Provide affected customers with long-term identity theft protection and credit monitoring services., Strengthen compliance with data protection regulations to mitigate future legal and financial risks.Enhance data encryption and access controls, especially for third-party cloud platforms., Implement stricter monitoring for dark web leaks and unauthorized data access., Improve incident response transparency and timeliness in public disclosures., Provide affected customers with long-term identity theft protection and credit monitoring services., Strengthen compliance with data protection regulations to mitigate future legal and financial risks.
Incident : Data Breach ATT0893608111425
Recommendations: Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Implement stricter breach notification timelines and regulatory compliance measures., Invest in AI-driven threat detection and zero-trust architectures., Enhance customer communication and support during and after breaches., Monitor dark web activity for leaked corporate data proactively.Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Implement stricter breach notification timelines and regulatory compliance measures., Invest in AI-driven threat detection and zero-trust architectures., Enhance customer communication and support during and after breaches., Monitor dark web activity for leaked corporate data proactively.Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Implement stricter breach notification timelines and regulatory compliance measures., Invest in AI-driven threat detection and zero-trust architectures., Enhance customer communication and support during and after breaches., Monitor dark web activity for leaked corporate data proactively.Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Implement stricter breach notification timelines and regulatory compliance measures., Invest in AI-driven threat detection and zero-trust architectures., Enhance customer communication and support during and after breaches., Monitor dark web activity for leaked corporate data proactively.Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Implement stricter breach notification timelines and regulatory compliance measures., Invest in AI-driven threat detection and zero-trust architectures., Enhance customer communication and support during and after breaches., Monitor dark web activity for leaked corporate data proactively.
Incident : Data Breach ATT3032030111625
Recommendations: Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Accept free monitoring services offered by the breached company., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Accept free monitoring services offered by the breached company., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Accept free monitoring services offered by the breached company., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Accept free monitoring services offered by the breached company., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Accept free monitoring services offered by the breached company., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Accept free monitoring services offered by the breached company., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Accept free monitoring services offered by the breached company., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are The need for higher cybersecurity standards within critical infrastructure sectors.Delayed disclosure (2019 breach revealed 5 years later) erodes trust.,Third-party risks (Snowflake) require stricter access controls and monitoring.,Proactive password resets can mitigate post-breach risks.,Class action settlements are costly but necessary for large-scale breaches.Telecom data breaches can have severe privacy implications, including identity theft and phishing risks. Proactive customer compensation and transparent communication are critical for mitigating reputational and financial damage.The settlement highlights the critical need for stronger data security measures, corporate accountability, and proactive customer protection in the digital age. The scale of the payout underscores the growing legal and financial risks associated with data breaches, particularly when sensitive information like SSNs is exposed.Legacy systems in telecommunications are highly vulnerable to sophisticated cyber threats.,Proactive investments in zero-trust architectures and AI-driven threat detection are critical.,Settlements, while costly, may not fully deter negligence if penalties are proportionally small compared to corporate revenues.,Public awareness campaigns are essential to ensure affected individuals file claims.Immediate password changes and 2FA enablement are critical post-breach.,Proactive financial monitoring and credit freezing mitigate identity theft risks.,Companies should provide clear, detailed breach notifications to guide customer actions.,Free monitoring services help victims detect fraud early.,Follow-up scams targeting breach victims are common; verification of communications is essential.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Conduct regular audits of third-party vendor security practices., Implement zero-trust architecture for third-party cloud providers., Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Enhance customer communication and support during and after breaches., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Implement stricter breach notification timelines and regulatory compliance measures., Invest in AI-driven threat detection and zero-trust architectures., Implement basic cyber defenses and enforce cyber risk-management planning., Enhance dark web monitoring for leaked credentials/data., Monitor dark web activity for leaked corporate data proactively. and Offer credit monitoring for victims of PII exposure..
References
Where can I find more information about each incident ?
Incident : Data Breach ATT025072625
Source: California Office of the Attorney General
Incident : Data Breach ATT252072925
Source: Vermont Office of the Attorney General
Date Accessed: 2023-07-13
Incident : Data Breach ATT444072925
Source: California Office of the Attorney General
Date Accessed: 2014-06-10
Incident : Data Breach ATT4065240090625
Source: Telecom Data Settlement Website
Incident : Data Breach ATT4065240090625
Source: Kroll Settlement Administration News Release
Date Accessed: 2024-10 (per article)
Incident : Data Breach ATT2892228093025
Source: Rossen Reports (Good Morning America)
Incident : Data Breach ATT2892228093025
Source: YouTube (Advertisement/Report)
Incident : Data Breach (2019) ATT3362133100925
Source: CNET
Incident : Data Breach (2019) ATT3362133100925
Source: US District Court (Northern District of Texas)
Incident : Data Breach (2019) ATT3362133100925
Source: Kroll Settlement Administration
Incident : Data Breach ATT4692046101025
Source: AT&T Press Release (March 30, 2024)
Incident : Data Breach ATT4692046101025
Source: AT&T Press Release (July 12, 2024)
Incident : Data Breach ATT4692046101025
Source: FBI Statement on Disclosure Delay
Incident : Data Breach ATT4692046101025
Source: Kroll Settlement Administration (Claims Portal)
Incident : Data Breach ATT0092600102125
Source: AT&T Data Incident Settlement Official Website (Kroll Settlement Administration)
Incident : Data Breach ATT0092600102125
Source: Federal Trade Commission (FTC) Warnings on Telecom Data Misuse
Incident : data breach ATT2192021102425
Source: Everest ransomware group dark web leak site
Date Accessed: 2025-10-21
Incident : Data Breach ATT5202352111325
Source: AT&T Press Release (March 30, 2024)
Incident : Data Breach ATT5202352111325
Source: AT&T Press Release (July 12, 2024)
Incident : Data Breach ATT5202352111325
Source: FBI Statement on Disclosure Delay
Incident : Data Breach ATT5202352111325
Source: Kroll Settlement Administration (AT&T Data Breach Settlement)
Incident : Data Breach ATT4392343111325
Source: AT&T Data Breach Settlement Official Site
Incident : Data Breach ATT4392343111325
Source: Kroll Settlement Administration
Incident : Data Breach ATT1803418111425
Source: Rolling Out
Incident : Data Breach ATT1803418111425
Source: PIX11
Incident : Data Breach ATT1803418111425
Source: AT&T Data Incident Settlement Website
Incident : Data Breach ATT0893608111425
Source: United States District Court for the Northern District of Texas
Incident : Data Breach ATT0893608111425
Source: Kroll Settlement Administration (Official Settlement Website)
Incident : Data Breach ATT0893608111425
Source: The Economic Times
Incident : Data Breach ATT0893608111425
Source: Top Class Actions
Incident : Data Breach ATT0893608111425
Source: NBC DFW
Incident : Data Breach ATT0893608111425
Source: CBS News
Incident : Data Breach ATT0893608111425
Source: KTVU FOX 2
Incident : Data Breach ATT0893608111425
Source: AfroTech
Incident : Data Breach ATT0893608111425
Source: Business Insider
Incident : Data Breach ATT0893608111425
Source: AP News
Incident : Data Breach ATT0893608111425
Source: Altitudes Magazine
Incident : Data Breach ATT0893608111425
Source: Yahoo News
Incident : Data Breach ATT0893608111425
Source: WORLDSTARHIPHOP (X/Twitter)
Incident : Data Breach ATT0893608111425
Source: CT Insider
Incident : Data Breach ATT0893608111425
Source: MSN
Incident : Data Breach ATT3032030111625
Source: USA TODAY
Incident : Data Breach ATT3032030111625
Source: Data Doctors (article referenced in description)
Incident : Data Breach ATT1764781901
Source: Associated Press (AP)
Incident : Data Breach ATT1764781901
Source: AT&T Settlement Website
Incident : Data Breach ATT1764820523
Source: CNET
Incident : Data Breach ATT1765044347
Source: Court documents
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General, and Source: Vermont Office of the Attorney GeneralDate Accessed: 2023-07-13, and Source: California Office of the Attorney GeneralDate Accessed: 2014-06-10, and Source: Topeka Capital-JournalUrl: https://www.cjonline.com, and Source: Telecom Data Settlement WebsiteUrl: https://www.TelecomDataSettlement.com, and Source: Kroll Settlement Administration News ReleaseDate Accessed: 2024-10 (per article), and Source: Rossen Reports (Good Morning America)Url: https://www.telecomdatasettlement.com, and Source: YouTube (Advertisement/Report), and Source: CNETUrl: https://www.cnet.com/tech/mobile/att-data-breach-settlement-how-to-file-a-claim-and-how-much-you-could-get/, and Source: US District Court (Northern District of Texas), and Source: Kroll Settlement AdministrationUrl: https://telecomdatasettlement.com, and Source: AT&T Press Release (March 30, 2024), and Source: AT&T Press Release (July 12, 2024), and Source: FBI Statement on Disclosure Delay, and Source: Kroll Settlement Administration (Claims Portal), and Source: AT&T Data Incident Settlement Official Website (Kroll Settlement Administration), and Source: Federal Trade Commission (FTC) Warnings on Telecom Data Misuse, and Source: Hackread.comUrl: https://www.hackread.comDate Accessed: 2025-10-21, and Source: Everest ransomware group dark web leak siteDate Accessed: 2025-10-21, and Source: AT&T Press Release (March 30, 2024), and Source: AT&T Press Release (July 12, 2024), and Source: FBI Statement on Disclosure Delay, and Source: Kroll Settlement Administration (AT&T Data Breach Settlement), and Source: AT&T Data Breach Settlement Official Site, and Source: Kroll Settlement Administration, and Source: Rolling Out, and Source: PIX11, and Source: AT&T Data Incident Settlement Website, and Source: United States District Court for the Northern District of Texas, and Source: Kroll Settlement Administration (Official Settlement Website), and Source: The Economic Times, and Source: Top Class Actions, and Source: NBC DFW, and Source: CBS News, and Source: KTVU FOX 2, and Source: AfroTech, and Source: Business Insider, and Source: AP News, and Source: Altitudes Magazine, and Source: Yahoo News, and Source: WORLDSTARHIPHOP (X/Twitter), and Source: CT Insider, and Source: MSN, and Source: USA TODAY, and Source: Data Doctors (article referenced in description), and Source: Associated Press (AP), and Source: AT&T Settlement Website, and Source: CNET, and Source: Court documents.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach ATT4065240090625
Investigation Status: Ongoing (settlement approval hearing scheduled for December 3, 2024)
Incident : Data Breach ATT2892228093025
Investigation Status: Settled (compensation phase)
Incident : Data Breach (2019) ATT3362133100925
Investigation Status: Closed (settlement approved; two arrests for 2024 breach)
Incident : Data Breach ATT4692046101025
Investigation Status: Ongoing (Settlement pending court approval on Dec 3, 2024)
Incident : Data Breach ATT0092600102125
Investigation Status: Settled (pending final court approval and claim reviews)
Incident : data breach ATT2192021102425
Investigation Status: Unverified by AT&T; under monitoring by Hackread.com
Incident : Data Breach ATT5202352111325
Investigation Status: Ongoing (settlement pending court approval on Dec. 3, 2024)
Incident : Data Breach ATT4392343111325
Investigation Status: Settled (awaiting court approval for payouts)
Incident : Data Breach ATT1803418111425
Investigation Status: Settlement agreed; final approval hearing scheduled for January 15, 2026. Payments expected to begin distribution in early 2026 after administrative processing.
Incident : Data Breach ATT0893608111425
Investigation Status: Resolved (settlement approved by federal judge in Texas)
Incident : Data Breach ATT3032030111625
Investigation Status: Resolved (settlement reached)
Incident : Data Breach ATT1764781901
Investigation Status: Settled
Incident : Data Breach ATT1764820523
Investigation Status: Settled
Incident : Data Breach ATT1765044347
Investigation Status: Ongoing (settlement reached)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Email notifications ([email protected]) and public announcements via news releases, Public settlement announcement and claim process via www.telecomdatasettlement.com, Public Disclosures (2024-03 And 2024-07), Dedicated Settlement Website, Customer Notifications With Class Member Ids, Delayed disclosure (national security concerns); Customer notifications via email (Kroll Settlement Administration), Official Notices Via Email/Snail Mail ([email protected]), Dedicated Settlement Website, Customer Support Hotline (833-890-4930), Public Announcements (March 30, July 12, 2024), Email Notifications Via Kroll Settlement Administration, Settlement Website For Claims, Public disclosure, official settlement website, customer notifications, Public advisories, official settlement website, media coverage (e.g., Rolling Out, PIX11), Official Settlement Website (Managed By Kroll), Public Awareness Campaigns, Social Media Outreach (E.G., X/Twitter), Public Disclosure, Customer Advisories (Password Changes, 2Fa, Credit Freezing), Website Updates With Detailed Breach Information, Settlement announcement and extended claims deadline (December 18, 2025), Public disclosure via settlement website, Public disclosure and settlement announcement, Public disclosure and settlement announcements.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach ATT4065240090625
Stakeholder Advisories: Emails sent to affected customers ([email protected]); public news releases
Customer Advisories: Claim forms available at www.TelecomDataSettlement.com; deadline: November 18, 2024
Incident : Data Breach ATT2892228093025
Stakeholder Advisories: Customers advised to file claims by November 18, 2024
Customer Advisories: Eligible customers (2015–2023) instructed to visit www.telecomdatasettlement.com to submit claims using their settlement claim ID, name, phone number, or account information.
Incident : Data Breach (2019) ATT3362133100925
Stakeholder Advisories: Customers Notified Via Email With Class Member Ids., Public Settlement Website With Claim Forms., Media Announcements (Cnet, Other Tech Outlets).
Customer Advisories: File claims by Nov. 18, 2025 via telecomdatasettlement.com or mail.Documented losses may increase payout (up to $5K for 2019, $2.5K for 2024).Check spam folders for Class Member ID notifications.Call 833-890-4930 for assistance.
Incident : Data Breach ATT4692046101025
Stakeholder Advisories: Customers notified via email ([email protected]); Claims deadline: Nov 18, 2024
Customer Advisories: Eligible for compensation up to $7,500 (documented losses); Tiered cash payments for PII exposure
Incident : Data Breach ATT0092600102125
Stakeholder Advisories: Customers advised to file claims by the extended deadline and submit documentation for losses.
Customer Advisories: Beware of scams; official notices come only from [email protected] the provided Class Member ID or AT&T account credentials to file claims.Mail-in claims must be postmarked by the submission deadline (address: AT&T Data Incident Settlement c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324).
Incident : data breach ATT2192021102425
Customer Advisories: Applicants/employees advised to change passwords, enable MFA, and monitor for fraud.Official guidance from AT&T pending.
Incident : Data Breach ATT5202352111325
Stakeholder Advisories: Email Notifications Via [email protected], Settlement Website For Claims (Deadline: Nov. 18, 2024), Opt-Out Deadline For Independent Lawsuits: Oct. 17, 2024.
Customer Advisories: Eligible customers can claim up to $7,500 (if affected by both breaches)Tiered compensation based on SSN exposure (first breach) or documented loss (second breach)Claims process opened Aug. 4, 2024
Incident : Data Breach ATT4392343111325
Stakeholder Advisories: Customers advised to file claims before November 18, 2025
Customer Advisories: Check eligibility via official settlement site using name, email, account number, or settlement ID. Claims can be filed online or by mail.
Incident : Data Breach ATT1803418111425
Stakeholder Advisories: Customers advised to file claims by December 18, 2025, via the official settlement website. Options to opt out or object by November 18, 2025, are available for those wishing to pursue individual legal action.
Customer Advisories: Affected customers should gather documentation (e.g., proof of identity, records of losses) to support their claims. Maximum payouts: $5,000 (March 2024 breach), $2,500 (July 2024 breach), or $7,500 combined for those impacted by both. Payments are pro rata based on total claims.
Incident : Data Breach ATT0893608111425
Stakeholder Advisories: Customers Advised To File Claims By December 18, 2025 (Extended Deadline)., Free Credit Monitoring And Identity Theft Protection Offered For Up To 3 Years., Documentation Required For Reimbursement Of Losses Exceeding Basic Claim Amounts..
Customer Advisories: Check eligibility for settlement claims via the official portal or by mail.No proof of AT&T service required for basic eligibility.Opt-out option available for those wishing to pursue independent legal action.Public urged to remain vigilant against phishing scams and identity theft attempts.
Incident : Data Breach ATT3032030111625
Stakeholder Advisories: Customers Advised To Change Passwords, Enable 2Fa, Monitor Accounts, And Freeze Credit If Necessary..
Customer Advisories: Change passwords immediately, even if the company states passwords weren’t accessed.Enable 2FA on all accounts.Monitor bank and credit card transactions for fraud.Freeze credit if SSN or highly sensitive data was exposed.Accept free credit/identity monitoring offered by AT&T.Beware of follow-up scams impersonating AT&T or offering assistance.
Incident : Data Breach ATT1764635319
Customer Advisories: Customers advised to submit claims by December 18, 2025, for potential compensation up to $7,500
Incident : Data Breach ATT1764781901
Customer Advisories: Claims deadline: December 18, 2024
Incident : Data Breach ATT1764820523
Customer Advisories: Compensation claims open until Dec. 18, 2025
Incident : Data Breach ATT1765044347
Customer Advisories: Settlement payout eligibility announcements
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Emails sent to affected customers ([email protected]); public news releases, Claim forms available at www.TelecomDataSettlement.com; deadline: November 18, 2024, Customers advised to file claims by November 18, 2024, Eligible customers (2015–2023) instructed to visit www.telecomdatasettlement.com to submit claims using their settlement claim ID, name, phone number, or account information., Customers Notified Via Email With Class Member Ids., Public Settlement Website With Claim Forms., Media Announcements (Cnet, Other Tech Outlets), File Claims By Nov. 18, 2025 Via Telecomdatasettlement.Com Or Mail., Documented Losses May Increase Payout (Up To $5K For 2019, $2.5K For 2024)., Check Spam Folders For Class Member Id Notifications., Call 833-890-4930 For Assistance., , Customers notified via email ([email protected]); Claims deadline: Nov 18, 2024, Eligible for compensation up to $7,500 (documented losses); Tiered cash payments for PII exposure, Customers advised to file claims by the extended deadline and submit documentation for losses., Beware Of Scams; Official Notices Come Only From [email protected]., Use The Provided Class Member Id Or At&T Account Credentials To File Claims., Mail-In Claims Must Be Postmarked By The Submission Deadline (Address: At&T Data Incident Settlement C/O Kroll Settlement Administration Llc, P.O. Box 5324, New York, Ny 10150-5324)., , Applicants/Employees Advised To Change Passwords, Enable Mfa, And Monitor For Fraud., Official Guidance From At&T Pending., , Email Notifications Via [email protected], Settlement Website For Claims (Deadline: Nov. 18, 2024), Opt-Out Deadline For Independent Lawsuits: Oct. 17, 2024, Eligible Customers Can Claim Up To $7,500 (If Affected By Both Breaches), Tiered Compensation Based On Ssn Exposure (First Breach) Or Documented Loss (Second Breach), Claims Process Opened Aug. 4, 2024, , Customers advised to file claims before November 18, 2025, Check eligibility via official settlement site using name, email, account number, or settlement ID. Claims can be filed online or by mail., Customers advised to file claims by December 18, 2025, via the official settlement website. Options to opt out or object by November 18, 2025, are available for those wishing to pursue individual legal action., Affected customers should gather documentation (e.g., proof of identity, records of losses) to support their claims. Maximum payouts: $5,000 (March 2024 breach), $2,500 (July 2024 breach), or $7,500 combined for those impacted by both. Payments are pro rata based on total claims., Customers Advised To File Claims By December 18, 2025 (Extended Deadline)., Free Credit Monitoring And Identity Theft Protection Offered For Up To 3 Years., Documentation Required For Reimbursement Of Losses Exceeding Basic Claim Amounts., Check Eligibility For Settlement Claims Via The Official Portal Or By Mail., No Proof Of At&T Service Required For Basic Eligibility., Opt-Out Option Available For Those Wishing To Pursue Independent Legal Action., Public Urged To Remain Vigilant Against Phishing Scams And Identity Theft Attempts., , Customers Advised To Change Passwords, Enable 2Fa, Monitor Accounts, And Freeze Credit If Necessary., Change Passwords Immediately, Even If The Company States Passwords Weren’T Accessed., Enable 2Fa On All Accounts., Monitor Bank And Credit Card Transactions For Fraud., Freeze Credit If Ssn Or Highly Sensitive Data Was Exposed., Accept Free Credit/Identity Monitoring Offered By At&T., Beware Of Follow-Up Scams Impersonating At&T Or Offering Assistance., , Customers advised to submit claims by December 18, 2025, for potential compensation up to $7,500, Claims deadline: December 18, 2024, Compensation claims open until Dec. 18, 2025 and Settlement payout eligibility announcements.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach ATT2145281022
Entry Point: Dark Web File-Sharing Site
Incident : Data Breach ATT4065240090625
High Value Targets: Customer Pii (First Breach), Call/Text Records (Second Breach),
Data Sold on Dark Web: Customer Pii (First Breach), Call/Text Records (Second Breach),
Incident : Data Breach (2019) ATT3362133100925
Entry Point: Breach 2019: Unknown (dark web leak), Breach 2024: Compromised Snowflake credentials (likely via ShinyHunters),
High Value Targets: Breach 2019: Customer PII (SSNs, names), Breach 2024: Historical phone records (2022 data),
Data Sold on Dark Web: Breach 2019: Customer PII (SSNs, names), Breach 2024: Historical phone records (2022 data),
Incident : Data Breach ATT0092600102125
High Value Targets: Customer Personal Data, Call/Text Logs,
Data Sold on Dark Web: Customer Personal Data, Call/Text Logs,
Incident : data breach ATT2192021102425
High Value Targets: At&T Careers Platform (Recruitment/Applicant Data),
Data Sold on Dark Web: At&T Careers Platform (Recruitment/Applicant Data),
Incident : Data Breach ATT5202352111325
High Value Targets: Customer Pii (First Breach), Call/Text Metadata (Second Breach),
Data Sold on Dark Web: Customer Pii (First Breach), Call/Text Metadata (Second Breach),
Incident : Data Breach ATT1803418111425
High Value Targets: Social Security Numbers, Call Records And Metadata,
Data Sold on Dark Web: Social Security Numbers, Call Records And Metadata,
Incident : Data Breach ATT3032030111625
High Value Targets: Customer Pii, Ssns, Financial Data,
Data Sold on Dark Web: Customer Pii, Ssns, Financial Data,
Incident : Data Breach ATT1764781901
Entry Point: Third-party cloud platform
Incident : Data Breach ATT1765044347
Entry Point: Third-party cloud storage (Snowflake)
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach ATT4065240090625
Corrective Actions: Settlement payouts to avoid litigation; no technical remediation details disclosed
Incident : Data Breach (2019) ATT3362133100925
Root Causes: Breach 2019: Unknown (poor data protection or insider threat), Breach 2024: Weak credential management for Snowflake access; lack of multi-factor authentication (MFA) or IP restrictions,
Corrective Actions: Settlement Fund For Victims., Assumed: Strengthened Third-Party Access Controls (E.G., Mfa For Snowflake)., Proactive Password Resets For Affected Users (2019)., Legal Accountability (Arrests For 2024 Breach).,
Incident : Data Breach ATT0092600102125
Corrective Actions: Financial Compensation For Affected Customers, Extended Claim-Filing Window, Public Awareness Campaigns About Phishing Risks,
Incident : Data Breach ATT4392343111325
Corrective Actions: Settlement payouts, customer compensation tiers
Incident : Data Breach ATT1803418111425
Root Causes: Inadequate Protection Of Sensitive Customer Data (E.G., Ssns, Call Records)., Vulnerabilities In Third-Party Cloud Platform Security (July 2024 Breach)., Failure To Prevent Data Exfiltration To The Dark Web (March 2024 Breach).,
Corrective Actions: $177 Million Settlement Fund For Affected Customers., Enhanced Legal And Administrative Processes For Claims Verification., Public Acknowledgment Of Harm And Need For Accountability (Though No Admission Of Wrongdoing).,
Incident : Data Breach ATT0893608111425
Root Causes: Outdated Security Protocols, Inadequate Encryption And Monitoring, Vulnerability To Sophisticated Hacking Attempts,
Corrective Actions: Settlement Agreement Includes Commitments To Improve Encryption And Monitoring., Enhanced Data Security Measures Implemented Post-Breach., Public Awareness Campaigns To Inform Affected Customers.,
Incident : Data Breach ATT3032030111625
Corrective Actions: $177 Million Settlement To Affected Customers., Provision Of Free Credit/Identity Monitoring Services., Public Communication And Advisories To Guide Customer Response.,
Incident : Data Breach ATT1764781901
Root Causes: Third-party cloud platform compromise
Incident : Data Breach ATT1765044347
Root Causes: Failure To Safeguard Data, Third-Party Compromise,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll Settlement Administration (court-appointed administrator), Kroll Settlement Administration (Claims Management), Law Firms (Class Action Settlement), , Likely (not explicitly stated), Kroll Settlement Administration (Claims Management), , Kroll Settlement Administration (claims processing), Kroll Settlement Administration (managing settlement claims), Yes (as part of post-breach security overhauls).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Settlement payouts to avoid litigation; no technical remediation details disclosed, Settlement Fund For Victims., Assumed: Strengthened Third-Party Access Controls (E.G., Mfa For Snowflake)., Proactive Password Resets For Affected Users (2019)., Legal Accountability (Arrests For 2024 Breach)., , Financial Compensation For Affected Customers, Extended Claim-Filing Window, Public Awareness Campaigns About Phishing Risks, , Settlement payouts, customer compensation tiers, $177 Million Settlement Fund For Affected Customers., Enhanced Legal And Administrative Processes For Claims Verification., Public Acknowledgment Of Harm And Need For Accountability (Though No Admission Of Wrongdoing)., , Settlement Agreement Includes Commitments To Improve Encryption And Monitoring., Enhanced Data Security Measures Implemented Post-Breach., Public Awareness Campaigns To Inform Affected Customers., , $177 Million Settlement To Affected Customers., Provision Of Free Credit/Identity Monitoring Services., Public Communication And Advisories To Guide Customer Response., .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Nation-state actors, Breach 2019: UnknownBreach 2024: ShinyHunters (hacker group; two arrests made), Everest ransomware group and CybercriminalsAlleged hackers (arrested).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-05-17.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-03.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $177 million settlement.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, email addresses, phone numbers, Social Security Numbers, dates of birth, , customer first names, wireless account numbers, wireless phone numbers, email addresses, number of lines on an account, wireless rate plan, , phone calls, text messages, law enforcement wiretap systems, , Customer Proprietary Network Information (CPNI), , names, addresses, Social Security numbers, , Social Security numbers, Customer Proprietary Network Information (CPNI), , Social Security Numbers (SSNs), Birthdates, Phone Numbers, Addresses, Billing Numbers, Passcodes, Call Records (phone numbers, aggregate call duration, cell site details), , Customer names, Addresses, Call records, , Breach 2019: 73 million records (7.6M current + 65.4M former customers), Breach 2024: 109 million records (phone records from 2022), , Addresses, Social Security Numbers, Birthdates, Passcodes, Billing Numbers, Phone Numbers, Call/Text Metadata (May 1, 2022 – Oct 31, 2022), , Personal data (e.g., names, contact info), Call and text logs, , personal records (576,686), potential recruitment/applicant/employee data, , Breach 1: ['Addresses', 'Social Security numbers', 'Birthdates', 'Passcodes', 'Billing numbers', 'Phone numbers'], Breach 2: ['Call records (metadata)', 'Text records (metadata)'], , Social Security numbers, Birthdates, Names, Addresses, Email IDs, Phone numbers, Billing account numbers, Account passcodes, Call logs, Interaction counts, Call frequencies, Cell site IDs, , Names, Addresses, Phone numbers, Email addresses, Dates of birth, Account passcodes, Billing numbers, Social Security numbers (SSNs), Call records (telephone numbers interacted with, call frequency, cell site identification numbers), , Social Security numbers, Birthdates, Phone records, AT&T-specific fields (March breach), Phone numbers (July breach), , , , Personal information, call and text records, Personal information including Social Security numbers, birth dates, and legal names, Personal data (names, SSNs, DOBs), Call and text records and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were Customer Databases (First Breach)Cloud Platform (Second Breach) and B, r, e, a, c, h, , 2, 0, 1, 9, :, , A, T, &, T, , c, u, s, t, o, m, e, r, , d, a, t, a, b, a, s, e, s, ,, B, r, e, a, c, h, , 2, 0, 2, 4, :, , S, n, o, w, f, l, a, k, e, , c, l, o, u, d, , d, a, t, a, , w, a, r, e, h, o, u, s, e, ,, and Customer DatabasesThird-Party Cloud Platform and AT&T Careers platform (job and recruitment portal) and Customer databases (First Breach)Third-party cloud platform (Second Breach) and AT&T customer databasesThird-party cloud platform (July 2024 breach) and and Customer databaseCloud storage (Snowflake).
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll Settlement Administration (court-appointed administrator), kroll settlement administration (claims management), law firms (class action settlement), , kroll settlement administration (claims management), , Kroll Settlement Administration (claims processing), Kroll Settlement Administration (managing settlement claims).
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Breach 2019: Password resets for affected current customers, Breach 2024: Snowflake access revoked; investigation into credential compromise and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, Phone numbers, wireless phone numbers, Interaction counts, Call records, Personal information, call and text records, Cell site IDs, Breach 2024: 109 million records (phone records from 2022), , Addresses, Customer names, Account passcodes, law enforcement wiretap systems, Breach 2019: 73 million records (7.6M current + 65.4M former customers), , Names, Call and text records, Phone Numbers, wireless account numbers, Breach 2: ['Call records (metadata)', 'Text records (metadata)'], , Billing account numbers, Email addresses, addresses, Personal data (e.g., names, contact info), Personal information including Social Security numbers, birth dates, and legal names, Phone records, Call frequencies, Social Security Numbers (SSNs), Social Security numbers (SSNs), Call Records (phone numbers, aggregate call duration, cell site details), potential recruitment/applicant/employee data, phone numbers, Customer Proprietary Network Information (CPNI), Passcodes, Dates of birth, Birthdates, dates of birth, personal records (576,686), text messages, number of lines on an account, Call and text logs, Social Security Numbers, Billing numbers, Phone numbers (July breach), names, Call/Text Metadata (May 1, 2022 – Oct 31, 2022), Call logs, Personal data (names, SSNs, DOBs), AT&T-specific fields (March breach), Email IDs, Call records (telephone numbers interacted with, call frequency, cell site identification numbers), customer first names, Breach 1: ['Addresses', 'Social Security numbers', 'Birthdates', 'Passcodes', 'Billing numbers', 'Phone numbers'], , Billing Numbers, phone calls, email addresses and wireless rate plan.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 745.7M.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $177M settlement (proposed), $177 million (settlement, not a fine), $177 million (settlement, not a fine), $177 million (settlement), $177 million (settlement amount, not a fine), $177 million (settlement, not a fine), $177 million (settlement).
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class-action lawsuits settled (no admission of wrongdoing), Class-action settlement ($177 million), Class action lawsuits consolidated (settled for $177M), Two arrests for 2024 breach, , Class-action lawsuits (two consolidated cases), Class-action lawsuit settlement, , Class-action lawsuits (two consolidated cases), Federal/state lawsuits, , Class-action lawsuit settled, Class action lawsuits consolidated in federal court; settlement approved pending final hearing (January 15, 2026), Class-action lawsuit; multidistrict litigation, Class action lawsuit, , Class-action lawsuit settlement, Multiple lawsuits consolidated in U.S. Northern District Court of Texas, Court-ordered settlement, Class-action lawsuits, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Follow-up scams targeting breach victims are common; verification of communications is essential.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enable multi-factor authentication (MFA) on all accounts., Provide affected customers with long-term identity theft protection and credit monitoring services., Enhance customer communication and support during and after breaches., Invest in AI-driven threat detection and zero-trust architectures., Implement stricter monitoring for dark web leaks and unauthorized data access., Accept free monitoring services offered by the breached company., Improve incident response transparency and timeliness in public disclosures., Strengthen compliance with data protection regulations to mitigate future legal and financial risks., Implement stricter breach notification timelines and regulatory compliance measures., Companies should ensure breach notifications are detailed and actionable, with clear steps for affected individuals., Implement basic cyber defenses and enforce cyber risk-management planning., Change AT&T account passwords and avoid reuse elsewhere., Document out-of-pocket losses (e.g., credit monitoring, fraud fees) to strengthen claims., Monitor dark web activity for leaked corporate data proactively., Monitor official communications ([email protected]) and avoid phishing scams., Beware of phishing attempts referencing 'AT&T Careers' or 'application portal'., Advocate for stronger data protection measures in the telecom industry., Implement zero-trust architecture for third-party cloud providers., File claims promptly with Kroll Settlement Administration to maximize payout eligibility., Telecom firms should prioritize upgrading security protocols to prevent similar breaches., Accelerate breach disclosure timelines to comply with regulations and maintain transparency., Enhance data encryption and access controls, especially for third-party cloud platforms., Monitor financial accounts for suspicious activity for at least several months post-breach., Freeze credit if SSNs or highly sensitive data are exposed., Be vigilant against phishing scams impersonating the breached company or offering 'help'., Follow official AT&T channels for notifications, not unsolicited links., Enable 2FA on all critical accounts to reduce the risk of unauthorized access., Conduct regular audits of third-party vendor security practices., AT&T should investigate third-party vendor risks as a potential breach source., Monitor financial statements, credit files, and communications for suspicious activity., Customers should change passwords for all accounts, not just the breached one, if password reuse is suspected., Enhance dark web monitoring for leaked credentials/data. and Offer credit monitoring for victims of PII exposure..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are YouTube (Advertisement/Report), California Office of the Attorney General, Everest ransomware group dark web leak site, Hackread.com, CBS News, Rolling Out, Topeka Capital-Journal, US District Court (Northern District of Texas), The Economic Times, USA TODAY, NBC DFW, Business Insider, Altitudes Magazine, AT&T Data Incident Settlement Website, Yahoo News, Court documents, Data Doctors (article referenced in description), AfroTech, Kroll Settlement Administration, Federal Trade Commission (FTC) Warnings on Telecom Data Misuse, AT&T Data Incident Settlement Official Website (Kroll Settlement Administration), Vermont Office of the Attorney General, Kroll Settlement Administration (AT&T Data Breach Settlement), AT&T Data Breach Settlement Official Site, United States District Court for the Northern District of Texas, AT&T Settlement Website, Rossen Reports (Good Morning America), Associated Press (AP), KTVU FOX 2, Kroll Settlement Administration News Release, Top Class Actions, AP News, FBI Statement on Disclosure Delay, PIX11, WORLDSTARHIPHOP (X/Twitter), Telecom Data Settlement Website, CNET, MSN, AT&T Press Release (March 30, 2024), CT Insider, Kroll Settlement Administration (Official Settlement Website), AT&T Press Release (July 12, 2024) and Kroll Settlement Administration (Claims Portal).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.cjonline.com, https://www.TelecomDataSettlement.com, https://www.telecomdatasettlement.com, https://www.cnet.com/tech/mobile/att-data-breach-settlement-how-to-file-a-claim-and-how-much-you-could-get/, https://telecomdatasettlement.com, https://www.hackread.com .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (settlement approval hearing scheduled for December 3, 2024).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Emails sent to affected customers ([email protected]); public news releases, Customers advised to file claims by November 18, 2024, Customers notified via email with Class Member IDs., Public settlement website with claim forms., Media announcements (CNET, other tech outlets), Customers notified via email ([email protected]); Claims deadline: Nov 18, 2024, Customers advised to file claims by the extended deadline and submit documentation for losses., Email notifications via [email protected], Settlement website for claims (deadline: Nov. 18, 2024), Opt-out deadline for independent lawsuits: Oct. 17, 2024, Customers advised to file claims before November 18, 2025, Customers advised to file claims by December 18, 2025, via the official settlement website. Options to opt out or object by November 18, 2025, are available for those wishing to pursue individual legal action., Customers advised to file claims by December 18, 2025 (extended deadline)., Free credit monitoring and identity theft protection offered for up to 3 years., Documentation required for reimbursement of losses exceeding basic claim amounts., Customers advised to change passwords, enable 2FA, monitor accounts, and freeze credit if necessary., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Claim forms available at www.TelecomDataSettlement.com; deadline: November 18, 2024, Eligible customers (2015–2023) instructed to visit www.telecomdatasettlement.com to submit claims using their settlement claim ID, name, phone number, or account information., File claims by Nov. 18, 2025 via telecomdatasettlement.com or mail.Documented losses may increase payout (up to $5K for 2019, $2.5K for 2024).Check spam folders for Class Member ID notifications.Call 833-890-4930 for assistance., Eligible for compensation up to $7,500 (documented losses); Tiered cash payments for PII exposure, Beware of scams; official notices come only from [email protected] the provided Class Member ID or AT&T account credentials to file claims.Mail-in claims must be postmarked by the submission deadline (address: AT&T Data Incident Settlement c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324)., Applicants/employees advised to change passwords, enable MFA, and monitor for fraud.Official guidance from AT&T pending., Eligible customers can claim up to $7,500 (if affected by both breaches)Tiered compensation based on SSN exposure (first breach) or documented loss (second breach)Claims process opened Aug. 4, 2024, Check eligibility via official settlement site using name, email, account number, or settlement ID. Claims can be filed online or by mail., Affected customers should gather documentation (e.g., proof of identity, records of losses) to support their claims. Maximum payouts: $5,000 (March 2024 breach), $2,500 (July 2024 breach), or $7,500 combined for those impacted by both. Payments are pro rata based on total claims., Check eligibility for settlement claims via the official portal or by mail.No proof of AT&T service required for basic eligibility.Opt-out option available for those wishing to pursue independent legal action.Public urged to remain vigilant against phishing scams and identity theft attempts., Change passwords immediately, even if the company states passwords weren’t accessed.Enable 2FA on all accounts.Monitor bank and credit card transactions for fraud.Freeze credit if SSN or highly sensitive data was exposed.Accept free credit/identity monitoring offered by AT&T.Beware of follow-up scams impersonating AT&T or offering assistance., Customers advised to submit claims by December 18, 2025, for potential compensation up to $7,500, Claims deadline: December 18, 2024, Compensation claims open until Dec. 18, 2025 and Settlement payout eligibility announcements.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Third-party cloud platform, Dark Web File-Sharing Site and Third-party cloud storage (Snowflake).
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was breach_2019: Unknown (poor data protection or insider threat), breach_2024: Weak credential management for Snowflake access; lack of multi-factor authentication (MFA) or IP restrictions, , Inadequate protection of sensitive customer data (e.g., SSNs, call records).Vulnerabilities in third-party cloud platform security (July 2024 breach).Failure to prevent data exfiltration to the dark web (March 2024 breach)., Outdated security protocolsInadequate encryption and monitoringVulnerability to sophisticated hacking attempts, Third-party cloud platform compromise, Failure to safeguard dataThird-party compromise.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Settlement payouts to avoid litigation; no technical remediation details disclosed, Settlement fund for victims.Assumed: Strengthened third-party access controls (e.g., MFA for Snowflake).Proactive password resets for affected users (2019).Legal accountability (arrests for 2024 breach)., Financial compensation for affected customersExtended claim-filing windowPublic awareness campaigns about phishing risks, Settlement payouts, customer compensation tiers, $177 million settlement fund for affected customers.Enhanced legal and administrative processes for claims verification.Public acknowledgment of harm and need for accountability (though no admission of wrongdoing)., Settlement agreement includes commitments to improve encryption and monitoring.Enhanced data security measures implemented post-breach.Public awareness campaigns to inform affected customers., $177 million settlement to affected customers.Provision of free credit/identity monitoring services.Public communication and advisories to guide customer response..
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=att' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
