Skip to content
Revolutionize Your Financial Journey with Smart FinanceProtect Your Finances OnlineStreamline Your Finance with Cloud Computing

Data breach at AT&T in 2023 cost the company $13M; worse instances have occurred since then.

Cybersecurity issues persist in the telecommunications sector, causing significant harm. AT&T isn't the only company grappling with a recurring pattern of major breaches, resulting in the exposure of customer data.

 and  Administrator
3 min read
Data breach incident at AT&T in 2023 results in a $13M settlement. Recent occurrences show even...
Data breach incident at AT&T in 2023 results in a $13M settlement. Recent occurrences show even more severe data leaks.

Data breach at AT&T in 2023 cost the company $13M; worse instances have occurred since then.

**AT&T Faces $13 Million Fine Over Data Breach Exposing 8.9 Million Customers**

In a significant turn of events, telecommunications giant AT&T has agreed to pay a $13 million settlement to the Federal Communications Commission (FCC) following a data breach that exposed the personal information of 8.9 million customers in January 2023. This settlement is a part of ongoing efforts to strengthen data governance practices and supply chain security within the company.

The recent data breach is not the first time AT&T has faced such issues. The history of data breaches involving AT&T centers on two major incidents affecting millions of customers and exposing sensitive personal information, significantly impacting customer data security.

The first breach, revealed by Shiny Hunters in 2021, involved a hack that started in 2019. AT&T initially denied the data originated from their systems, but in March 2024, the company confirmed the breach did indeed belong to them, involving data of approximately 73 million individuals. This breach included sensitive information such as addresses, Social Security numbers, and encrypted login passcodes—which were later found to be easily decipherable—posing major risks of identity theft and unauthorized access.

A separate breach was uncovered in July 2024, involving AT&T’s cloud storage provider, Snowflake. This hack compromised call and text metadata for nearly 110 million U.S. customers from May to October 2022. Although personal names were not directly linked to this dataset, the scale and nature of the exposed metadata raised serious privacy concerns.

These breaches exposed highly sensitive personal and communication data, increasing risks of identity theft, fraud, and privacy violations for millions of AT&T customers. The situation forced AT&T to reset customer passcodes and alerted law enforcement and cybersecurity experts, highlighting vulnerabilities in their data protection practices.

As a result, multiple class action lawsuits accused AT&T of insufficient customer data protection, leading to a preliminary court-approved settlement in 2025 where AT&T agreed to pay approximately $177 million in compensation. The settlement comprises $149 million for the 2024 breach victims and $28 million for those affected in 2019, with payouts up to $5,000 depending on individual impact.

Zeus Kerravala, founder and principal analyst at ZK Research, stated that the data privacy governance improvements AT&T agreed to should have already been part of its standard process. The FCC stated that AT&T failed to ensure its vendor adequately protected customer proprietary network information. A spokesperson for AT&T said that protecting customer data remains one of its top priorities, and the company is making enhancements to how it manages customer information internally and implementing new requirements on its vendors' data management practices.

This settlement is a result of a serious breach, but repeated security lapses indicate a pattern for AT&T. The breach exposed data on nearly all of AT&T's customers, leading to the company no longer working with the third-party vendor involved in the data breach. The events underscore the challenges large telecom companies face in safeguarding vast amounts of sensitive customer information.

[1] https://www.bbc.com/news/technology-56257795 [2] https://www.reuters.com/article/us-att-cyberattack-idUSKCN2H520Q [3] https://www.wired.com/story/att-data-breach-exposed-personal-info-of-70-million-customers/ [4] https://www.nytimes.com/2024/07/21/technology/att-data-breach-snowflake.html [5] https://www.cnet.com/tech/security/att-to-pay-177-million-in-data-breach-settlements/

  1. The ongoing efforts to strengthen data governance practices and supply chain security within AT&T, as demonstrated by the $13 million settlement, are in response to a significant data breach that exposed 8.9 million customer records in January 2023.
  2. AT&T's history of data breaches includes two major incidents affecting millions of customers, with the first taking place in 2021, where Shiny Hunters revealed a hack that originated in 2019, exposing sensitive personal information of approximately 73 million individuals.
  3. In addition to the initial denial, the 2021 breach also involved a compromise of call and text metadata for nearly 110 million U.S. customers from May to October 2022, due to a hack on AT&T’s cloud storage provider, Snowflake.
  4. The repeating pattern of security lapses at AT&T, as indicated by these breaches, has resulted in multiple class action lawsuits, resulting in a preliminary court-approved settlement in 2025, which required AT&T to pay approximately $177 million in compensation to the victims.

Read also:

    Related

    Latest