Dallas-based telecommunications company AT&T is facing a class-action lawsuit over a security breach that compromised months worth of data from nearly all its customers in 2022.
Dina Winger, who’s been an AT&T customer for more than 15 years, filed the suit in North Texas federal court Friday. It was the same day AT&T announced it learned in April customer data was illegally downloaded onto a third-party cloud platform.
The suit alleges AT&T failed to safeguard its customers private personally identifiable information — which the company collected and benefited from — exposing customers like Winger to blackmail, identity theft, fraud and other risks.
“If AT&T had implemented the requisite, industry-standard security measures and exercised adequate and reasonable care, data thieves would not have been able to take the PII of Plaintiff and Class Members,” the suit reads.
Attorneys for Winger and the class of affected plaintiffs were not immediately available for comment. An AT&T spokesperson directed KERA News to the company’s July 12 press release when asked for comment on the negligence allegations.
The company has taken steps to "close off the illegal access point" and is working with law enforcement to arrest those involved, according to the press release. At least one person has been apprehended, according to the press release.
AT&T says its investigation shows the compromised data included records of phone calls and text messages from May 1, 2022, to Oct. 31, 2022, as well as some records from Jan. 2, 2023 for a “very small” number of customers.
These include records of other phone numbers an AT&T wireless number interacted with, including landlines. Some records include cell site identification numbers associated with the interactions.
The compromised data does not include the content or time stamps of calls or texts, Social Security numbers, dates of birth or other personally identifiable information, AT&T said, stipulating there are other ways to find names associated with a phone number online. The company says it doesn’t believe any of the data is publicly available.
This is separate from a March security breach that affected about 73 million current and former AT&T account holders. That stolen data may have included customers’ names, addresses, social security numbers, passcodes, email addresses, phone numbers, dates of birth and AT&T account numbers.
The suit accuses AT&T of not being transparent about the nature and extent of all the recent security breaches.
According to the Texas Attorney General’s data breach report site, 7.6 million Texans were affected by the March breach.
Copyright 2024 KERA