DALLAS — AT&T is facing more legal action from customers after a data breach that affected “nearly all” of its customers.
In a lawsuit filed Friday to the U.S. District Court for the Northern District of Texas, a 20-year AT&T customer from Illinois alleges the Dallas-based company had "inadequate security" when it came to protecting customers' data.
This lawsuit alleges AT&T failed "to properly secure and safeguard [customers'] private information including, but not limited to, phone call and text message records for "nearly all" of AT&T's 110 million cellular customers..."
According to the lawsuit, the breach also leaked call records of customers whose cell carriers rely on AT&T's network, like Boost Mobile, Cricket Wireless and Straight Talk Wireless. The lawsuit alleges AT&T was negligent with its customers' data and private information, which breaches the contract between customers and the cell carrier.
WFAA reached out to AT&T for comment but were told the company did not have a statement at this time.
This is the second class action lawsuit AT&T is facing as a result of the data breach. The first came in July when another long-time customer alleged AT&T “has not been transparent about the nature and extent of data security lapses impacting its customers."
The compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 - Oct. 31, 2022, as well as in January 2023, the company said last week.
AT&T said at the time the data is not believed to be publicly available. AT&T said the data does not include the content of calls or texts or other personal information like Social Security numbers, dates of birth.
“We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity,” AT&T said earlier this month. “We have taken steps to close off the illegal access point. We are working with law enforcement in its efforts to arrest those involved in the incident. We understand that at least one person has been apprehended.”
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” AT&T added. “Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information."