AT&T got Sued for Negligence After Admitting that 73 Million Customer Records Were Exposed in a data breach.
No less than 10 class action lawsuits have already been filed against AT&T in the past few days since they acknowledged the data breach.
The telecom giant admitted that a 2021 cyberattack exposed sensitive information of 73 million customers.
The lawsuits accuse the company of negligence for failing to adequately protect peoples’ private data.
The exposed data includes AT&T customers’ names, addresses, phone numbers, dates of birth, Social Security Numbers, and email addresses.
One of the major AT&T class action lawsuits is being led by the notable law firm Morgan & Morgan. They argue that AT&T knew about vulnerabilities in their systems but did not act quickly enough to address them.
This law firm recently handled an Incognito privacy lawsuit against Google, pushing the tech giant into a settlement after four years of fighting in the courts.
AT&T Class Action Lawsuit
The ongoing class action lawsuit revolves around a data breach that was initially disclosed in 2021 by a threat actor named Shiny Hunters. At the time, Shiny Hunters claimed to have hacked AT&T and attempted to sell the compromised data.
However, AT&T disputed these allegations, stating that the leaked data samples did not originate from their systems. The lawsuit is centered around clarifying the source and authenticity of the leaked data, as well as addressing any potential negligence in safeguarding customer information.
On March 17, 2024, a different threat actor called ‘MajorNelson’ released the entire database on a hacking forum without charge, confirming that it was the same data from the Shiny Hunters’ attack. Despite this, AT&T reiterated that the leaked data did not appear to originate from their systems, and they found no evidence of a breach.
However, after conducting an internal investigation, the telecommunications company eventually acknowledged on March 30, 2024, that the exposed data did indeed belong to approximately 7.6 million current AT&T account holders and around 65.4 million former account holders.
Moreover, AT&T disclosed that the leaked information included AT&T passcodes for the 7.6 million affected customers.
The disclosed AT&T passcodes, when properly configured, serve as a security measure for accessing customer support and conducting sensitive account modifications. However, the exposure of this data to threat actors could potentially facilitate unauthorized access to accounts.
AT&T has indicated that they believe the leaked data dates back to 2019 or earlier. However, they have been unable to definitively determine whether it originated from their own systems or those of a partner.
The initial denials by AT&T, as well as subsequent statements, regarding the origin and authenticity of the leaked data, coupled with the delay in conducting thorough investigations, have exposed customers to an increased risk of scams and phishing attacks for nearly three years, if not longer.
AT&T Accused of Serious Charges
The complaint against AT&T alleges that the company’s insufficient security measures and delayed, insufficient notification about the data breach have exposed customers to significant risks, such as identity theft and various types of fraudulent activities.
“The lawsuit accuses AT&T of negligence, breach of implied contract, and unjust enrichment.”
The legal action seeks compensatory damages, restitution, injunctive relief, enhancements to AT&T’s data security protocols, regular audits in the future, credit monitoring services funded by the company, and a trial by jury.
These requested remedies aim to address the harm caused, ensure improved security practices, and provide necessary support and protection for affected individuals.
A Morgan & Morgan spokesperson made a comment regarding the litigation:
“As the largest telecommunications company in the country, AT&T has a crucial duty to safeguard their current and former customers’ sensitive information.
We allege AT&T knew about the vulnerability that allegedly led to this breach, but allowed it to occur by failing to act.
We’re also alleging AT&T exacerbated the problem by failing to acknowledge the breach had occurred until March 30 of this year, allowing customers’ personal data to linger in criminal hands without their knowledge for more than two-and-a-half years.
We will fight to hold AT&T accountable for their alleged actions and inactions that allowed this to happen, and secure justice for all 73 million Americans impacted by this attack on their privacy.”
Morgan & Morgan spokesperson
If found liable, the total payout could be in the billions for AT&T due to the enormous scale of the data leak.
There have been several other class-action lawsuits recently filed against AT&T. These include cases brought by plaintiffs Williamson, Escano, Collier, and Cumo.
It is expected that these lawsuits will undergo a process of consolidation in the future.
This is a developing story and we will keep you updated if any major developments emerge from these lawsuits.
