AT&T Has Downplayed Severity of Personal Information Released in Data Breach: Lawsuit

AT&T data breach notices to consumers lack critical information on how many customers were affected, what personal information has been posted on the dark web and how the security failure occurred, lawsuit claims.

AT&T faces yet another class action lawsuit over a data breach that exposed the private information of tens of millions of customers on the Dark Web, alleging that the company is continuing to expose customers to unnecessary risk by failing to disclose the extent of personal information released and downplaying the severity of the security failures.

The AT&T data breach occurred in 2021, when the hacker group Shiny Hunters claimed to have capitalized on AT&T security failures and were attempting to sell a database containing sensitive information. While AT&T originally denied the data breach, the company finally admitted to the theft on March 30, after a hacker known as “Major Nelson” released the contents of the database on the Dark Web for free.

According to AT&T, the exposed data dates back to at least 2019, but there are indications that earlier data was also released. The company has yet to identify the source of the unauthorized access or provide details about the AT&T security failures that resulted in the release of customer’s social security numbers and other sensitive personal information.

Current and former customers are only now beginning to receive AT&T data breach notices, informing some of those impacted that their information has been compromised. However, the notices raise more questions than answers they provide, leaving many impacted by the data breach misinformed about the severity of the security failures and impacts they may face from personal information being released.

Although the company has offered limited fraud protection services, a growing number of customers are now filing AT&T data breach lawsuits, which seek substantially greater financial compensation for damages resulting from the release of their personal information, alleging that the problems resulted from a massive failure by AT&T to properly and adequately secure customer names, Social Security number and other data.

AT&T Data Breach Lawsuit

Were you impacted by the AT&T data breach?

Lawyers are reviewing lawsuits for individuals who had their personal information stolen due to the AT&T data breach.

Learn More SEE IF YOU QUALIFY FOR COMPENSATION

One of the latest AT&T lawsuits was brought by Stephen Head in the U.S. District Court for the Northern District of Texas on May 14, seeking class action status to pursue damages for himself and approximately 73 million other customers similary situated.

According to the complaint (PDF), Head received an emailed notice from AT&T on April 17, 2024, advising that “some of your personal information was compromised.” While the notice indicated that the compromised data did not include his personal financial information or call history, he was not advised the specific information that was released or when the breach occurred.

AT&T offered one year of complimentary credit monitoring through Experian’s IdentityWorks. However, by that time Head’s personal identifying information had already been compromised and damage had already been done.

Days before receiving the AT&T data breach notice, Head indicates that he noticed an attempted purchase at an online store using his debit card on April 12. He contacted the bank to freeze his credit and file a fraud case. On April 16, he received a call from an individual purporting to be affiliated with his bank, who had certain personal information and indicated they were calling to confirm additional information as part of their security protocol. However, Head has now confirmed that caller was a scammer.

“[Head] was advised to shut down all of his accounts, which he did; but by then, [his] personal information had been used to secure a $3,579 loan at Navy Federal [Credit Union],” according to the lawsuit. “Other incursions included an attempted auto loan and at least two other attempted charges using his debit card, from as far away as Hawaii. Those attempts were flagged and stopped by Navy Federal.”

After filing a criminal incident report and registering with Experian IdentityWorks, Head indicates he was not surprised to learn that his personal information had been leaked in the AT&T data breach, despite the prior assurances that his financial information was not included in the compromised data.

Weeks later, on May 2, 2024, Head received a mailed AT&T Notice of Data Breach letter, which was dated April 25, 2024. Unlike the prior email, that mailed letter stated that “AT&T has determined that some of your personal information was compromised.”

“[Head] called AT&T after receiving this letter and asked the company to pay him for the loan taken out in his name, for the inconvenience, including lost hours of work, of attending to this Data Breach, and for the ongoing danger this Data Breach has caused to the security of his PII,” according to the complaint. “The AT&T representative advised that the company could not do that.”

As a result, Head had turned to the U.S. legal system to pursue a lawsuit against AT&T over the data breach, seeking damages under theories of negligence, negligence per se, breach of contract, and unjust enrichment.

May 2024 AT&T Data Breach Lawsuit Update

Given common questions of fact and law raised in complaints now being filed throughout the federal court system, a motion to transfer (PDF) was filed with the U.S. Judicial Panel on Multidistrict Litigation (JPML) in April, requesting that lawsuits against AT&T brought throughout the federal district court system be consolidated for pretrial proceedings before one judge as part of an AT&T data breach lawsuit MDL (multidistrict litigation). The motion requests the litigation be consolidated in the Northern District of Texas, where the majority of complaints have been filed.

The petition argues that due to the extensive nature of the data breach and the likelihood of the litigation to grow in the coming months and years, it is appropriate to centralize the claims to streamline the process, prevent inconsistent rulings, and facilitate the proceedings for both the court and the involved parties.

The JPML is scheduled to hear oral arguments on the motion at an upcoming hearing session scheduled for May 30, 2024, at the Orrin G. Hatch U.S. Courthouse in Salt Lake City, Utah. If the panel decides to consolidate the AT&T class action lawsuits, complaints filed throughout the federal court system will all be transferred to one judge for pretrial proceedings, to reduce duplicative discovery into common issues in the cases, avoid conflicting orders and serve the convenience of common witnesses, parties and the judicial system.


Find Out If You Qualify For a AT&T Data Breach Settlement

7 Comments

  • JulieMay 24, 2024 at 1:09 am

    Monitoring our credit is unexceptable!!! The damage has been done and we don’t know how long this will affect us financially!

  • RobbinMay 19, 2024 at 8:47 pm

    All my history was shared on the dark web. I am outraged!! Credit karma, Experian and others have reached out to me about personal information being used. Strange people are contacting me by phone and email. My phone has been hacked, and somehow they have been able to leave messages in my drive on my phone. Their was no warning or protection on my behalf. Not even an offer to notify me. It's absur[Show More]All my history was shared on the dark web. I am outraged!! Credit karma, Experian and others have reached out to me about personal information being used. Strange people are contacting me by phone and email. My phone has been hacked, and somehow they have been able to leave messages in my drive on my phone. Their was no warning or protection on my behalf. Not even an offer to notify me. It's absurd I have been a loyal customer for almost a decade!!

  • JessicaMay 19, 2024 at 7:55 pm

    My account with AT&T was hacked more than once and never once did they try to compensate or do anything about it. And I finally had enough of it when my information was leaked out this past March along with my bank information. I switched over to Verizon and now they’re trying to charge me, almost $5000 I’ve dealt with my information being compromised since back in 2020. I am done with them. Will [Show More]My account with AT&T was hacked more than once and never once did they try to compensate or do anything about it. And I finally had enough of it when my information was leaked out this past March along with my bank information. I switched over to Verizon and now they’re trying to charge me, almost $5000 I’ve dealt with my information being compromised since back in 2020. I am done with them. Will never go back to AT&T ever again.

  • JeanMay 19, 2024 at 5:21 am

    I wasn’t notified I have fraud alert on my credit report and they saw it on the dark web when they scan my information on interent

  • JoeMay 18, 2024 at 9:47 pm

    I don’t know if I suffer anything from this or not

  • LesaMay 18, 2024 at 4:00 pm

    Devastated

  • CeceliaMay 17, 2024 at 9:24 pm

    I continue to have issues with being hacked AT&T SUCKS

Share Your Comments

I authorize the above comments be posted on this page*

Want your comments reviewed by a lawyer?

To have an attorney review your comments and contact you about a potential case, provide your contact information below. This will not be published.

NOTE: Providing information for review by an attorney does not form an attorney-client relationship.

This field is for validation purposes and should be left unchanged.

More Top Stories

MDL Judge Schedules Ozempic Lawsuit Status Conferences Throughout 2025
MDL Judge Schedules Ozempic Lawsuit Status Conferences Throughout 2025 (Posted today)

With the first Ozempic lawsuit bellwether trials not expected to begin until at least late 2026 or early 2027, the court will address motions to dismiss and other “cross cutting” issues in 2025.