Skip to main content
close search
site logo
Dive Brief

AT&T hit with class action suit over massive data breach

The breach was a “direct result” of AT&T’s failure to implement adequate cybersecurity procedures, the suit alleges.

Published April 2, 2024
Alexei Alexis's headshot
Reporter
AT&T To Merge Warner Media With Discovery
A sign is posted in front of an AT&T retails store on May 17, 2021 in San Rafael, California. Justin Sullivan / Staff via Getty Images

First published on

CFO Dive

Dive Brief:

  • AT&T is facing a class action lawsuit stemming from its recent disclosure of a massive data security breach impacting as many as 73 million current and former customers.

  • The telecommunications giant disregarded the rights of class members by “intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions,” among other alleged missteps, according to the plaintiff, Ohio resident Alex Petroski. The suit, filed Saturday in the U.S. District Court for the Northern District of Texas, identifies Petroski as a former AT&T wireless customer.

  • “As a result of the data breach, plaintiff and class members have been exposed to a heightened and imminent risk of fraud and identity theft,” the complaint says.

Dive Insight:

Data security breaches and related costs have skyrocketed in recent years, causing headaches for C-suite leaders.

The FBI’s Internet Crime Complaint Center received a record 880,418 cybercrime complaints from the American public in 2023, with potential losses exceeding $12.5 billion, according to a report released last month. This is nearly a 10% increase in complaints and represents a 22% spike in losses compared to 2022, the report said.

In 2022, T-Mobile agreed to pay $350 million to settle multiple class-action suits stemming from a 2021 cybersecurity breach. The company also agreed to spend an extra $150 million on data security and “related technology” through 2023.

In a notice posted on its website on Saturday, AT&T said it determined that “data-specific fields” from the company were contained in a data set released on the “dark web” about two weeks ago. Based on a preliminary analysis by the company, the data set appears to be from 2019 or earlier, impacting about 7.6 million current AT&T account holders and about 65.4 million former account holders, the notice said.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the company said, adding that the incident has not had a material impact on AT&T’s operations so far.

The company said it will be offering credit monitoring services at its expense “where applicable.” 

The compromised data varied by customer and account, but may have included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, and AT&T account numbers and passcodes, the company said in a set of frequently asked questions.

The suit alleges the breach was a “direct result” of AT&T’s failure to implement adequate and reasonable cybersecurity procedures and protocols.

“Defendant could have prevented this data breach by, among other things, properly encrypting or otherwise protecting their equipment and computer files containing PII,” the complaint says.

The company was required to protect the data from unauthorized access and disclosure under the Federal Trade Commission Act, as well as contractual obligations and industry standards, according to the suit, which seeks damages, among other forms of relief.

Petroski is being represented by Kendall Law Group PLLC, Milberg Coleman Bryson Phillips Grossman PLLC, and Hausfeld LLP.

A spokesperson for AT&T didn’t immediately respond to a request for comment.

Filed Under: Breaches

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell