AT&T Data Breach Class Action and Arbitrations

Up to 70+ million current and former AT&T customers had their personal information exposed to the dark web including:

• Social Security numbers (SSNs) 
• AT&T account passcodes 
• Addresses 
• Emails 
• Phone numbers 
• Birthdates

Hold AT&T accountable. Talk to one of our lawyers and learn about our class action lawsuit demanding that AT&T pay for the harm we allege it failed to protect its customers from. 

Our award-winning team has developed a method to check whether you may be affected by the AT&T cybersecurity breach. If you believe you are affected, contact us for a free confidential evaluation of your claims. 

Our data breach attorneys have extraordinary experience and expertise in this area. Gibbs Law Group partner David Berger was appointed co-lead counsel to fight for over 10 million MGM customers whose information was stolen in a similar data breach in 2020. 

At the end of March 2024, AT&T acknowledged that over 70 million of its current and former customers’ personal data was found on the “dark web.” AT&T has begun notifying millions of customers who are affected by this massive AT&T cybersecurity breach. Additionally, the company said it has already reset the passcodes of current users and will be communicating with account holders whose sensitive personal information was compromised. 

Gibbs Law Group’s class action lawsuit against AT&T, filed on April 6, 2024, is seeking compensation for the data breach victims and demanding that AT&T fix its apparently ineffective information security systems to protect the data from future data breaches.  

Following the class action lawsuit, our team is now representing AT&T data breach victims in individual arbitrations.

AT&T has started sending data breach notices via mail to some customers. The full notice looks similar to the text below:

“At AT&T, we take the security of your data very seriously. We’re writing to inform you that AT&T has determined that some of your personal information was compromised. To help protect your identity, we’re offering you one year of complimentary credit monitoring, identity theft detection and resolution services provided by Experian’s® ldentityWorksSM. While this service is free, you must follow the enclosed instructions to enroll if you haven’t already taken action based on our previous communication.

What happened? On March 26, 2024, we determined that AT&T customer information was included in a dataset released on the dark web on March 17, 2024.

What information was involved? The information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode. To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier.

What is AT&T doing to help? We’re offering you the complimentary credit monitoring, identity theft detection and resolution services described above. We’ve also taken precautionary measures and reset your passcode. A passcode is a numerical PIN, usually four digits, used in addition to your password as an-extra layer of protection for your account. Additionally, we launched a robust investigation supported by internal and external cybersecurity experts, and we are regularly reviewing and updating the measures we take to protect your information.

What can you do?

Stay vigilant. We recommend that you review the enclosed Information About Identity Theft Protection and encourage you to remain vigilant by monitoring your personal accounts and credit reports for any suspicious activity. If you want to personalize your passcode we reset for you, you can do so online at att.com/signin, MyAT&T app, or call customer care at 800.924.0962.

Watch out for suspicious calls or emails. We also recommend that you remain alert for unsolicited communications seeking your personal information. You should be cautious about entering your username and password on links provided through emails, even if it looks like the company’s website. The safest route is to go directly to the company’s website to log in.

We apologize this has happened. We’re committed to keeping your information secure. Please do not hesitate to call us at 800.924.0962 Monday through Friday, 8 a.m. to 9 p.m. CST, or visit at att.com/accountsafety if you have questions regarding this matter.

Sincerely,

AT&T”

Our award-winning team has developed a method to check whether you may be affected by the AT&T cybersecurity breach. If you believe you are affected, fill out the form below for a free confidential evaluation of your claims.

Additionally, AT&T is in the process of sending out direct notices to current and former customers affected by the cybersecurity breach.  If you receive a notice like the one below, letting you know that you were affected, contact our law firm for a free, confidential evaluation of your claims. 

The notice provides details of the types of personal information compromised in the breach, including Social Security numbers, birthdays, account passcodes, full names, emails, addresses, and phone numbers. AT&T specifies that the affected data was from 4 years ago and prior. 

Below is the full data breach email notice AT&T sent out to some customers. In our opinion, AT&T is not doing enough to help its customers.

“We take cybersecurity very seriously and privacy is a fundamental commitment at AT&T. 

We have discovered that your AT&T account passcode has been compromised, therefore we have proactively reset your passcode. 

Our internal teams are working with external cybersecurity experts to analyze the situation. It appears the data is from more than 4 years ago and does not contain personal financial information or call history. 

What information was involved?
The information varied by customer and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode. 

If your sensitive personal information was compromised, we will provide complimentary identity theft and credit monitoring services. 

What is AT&T doing?
We’ve taken precautionary measures and reset your passcode, which is an extra layer of protection for your account. When you sign in to your online account or call customer care, we’ll provide details to help you personalize your passcode. 

What can you do?
In addition to resetting your AT&T passcode, we encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport.com. 

More Information
Visit www.att.com/accountsafety for more information and updates. 

We apologize this has happened and are committed to keeping your account secure. 

AT&T”

Read our press release on our class action lawsuit against AT&T here:  

• Gibbs Law Group Files Class Action Lawsuit on Behalf of AT&T Data Breach Victims 

Gibbs Law Group is a national law firm committed to protecting the rights of our clients who have been harmed by corporate misconduct.  

 Our firm has years of experience litigating data breach cases against corporations such as: 

• T-Mobile 
• Comcast 
• MGM Resorts 
• Sequoia Benefits 
• Equifax 
• Anthem 
• US Fertility 

Our work has resulted in meaningful recoveries for our clients and has helped to shape the laws impacting plaintiffs’ rights in a variety of practice areas. 

If you still have questions or concerns, please feel free to reach out. 

David Berger represents consumers in class action lawsuits with a special emphasis on data breach, privacy, and financial services litigation. He previously represented consumers in a data breach lawsuit against Equifax, resulting in a historic $1.5 billion settlement on behalf of 147 million consumers whose Social Security numbers and other private data were exposed in a 2017 breach.

David has represented consumers in some of the largest and most influential privacy and data breach cases in the country and has repeatedly attained settlements that set the record for the largest data breach settlement in history.  He frequently speaks at conferences on data breach cases and other class action topics. David is a former Chair of the American Association for Justice’s Consumer Privacy and Data Breach Litigation Group.

Federal judge in our AT&T class action: 

“I’ve always found them to be extraordinary counsel in terms of their preparation and their professionalism.” 

Read more about what judges say about us. 

Our firms cannot guarantee any specific results. The prior successful results depended on the facts of each individual case and do not guarantee any result in future cases. Results may differ in your case due to your individual facts, the particular arbitrator assigned to the case, or for other reasons.