Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

AT&T faces at least 10 class action lawsuits in Texas after data breach

By Irving Mejia-Hilario The Dallas Morning News

Dallas-based telecommunications giant AT&T is fighting 10 class action lawsuits from separate Texas law firms after 73 million former and current account holders had private information leaked in a data breach.

The suits claim the data breach at AT&T has caused emotional and financial distress for its account holders and was a result of negligence from the company. Some lawsuits say the company owes customers refunds as it failed to protect user information.

The data breach affected approximately 7.6 million current account holders and 65.4 million former account holders. It resulted in the loss of sensitive information like names, email and mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and passcodes.

The company’s alleged negligence will result in big consequences, said William Federman, an attorney with Oklahoma City-based law firm Federman and Sherwood.

“At the end of the day, AT&T is going to have to face the music,” Federman said. “What it did here was inadequate, clearly. There’s no reason this should have happened. They should stand by their consumers and do what’s right for them.”

The firm has a Dallas office and has filed a class action lawsuit against AT&T seeking monetary compensation for its clients and changes to the company’s security and data management.

AT&T declined an interview request and further comment with The Dallas Morning News.

The company has previously said it’s launched an investigation to determine who was impacted and how the breach happened. AT&T says it has not affected operations and some account holders will be entitled to free credit monitoring.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” AT&T said in a statement. “The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable.”

Houston-based Foster Yarborough PLLC has also opened a class action lawsuit against AT&T and it’s hoping to gain financial compensation for its clients as well as addressing the company’s cybersecurity protocols.

“The consequences and ramifications have never been worse. Increasingly, our lives are lived online, and we must be able to trust the companies that we pay to protect and safeguard all of our data,” said Patrick Yarborough, an attorney with the firm. “We want accountability and we want change.”

The News reached out over the phone to various other Texas groups that filed a class action lawsuit like The Kendall Law Group and Steckler Wayne & Love Law Firm but did not hear back at the time of publication.

For Federman, AT&T’s lack of transparency has been one of the most worrying fallout effects from the data breach, he said.

“You’re not supposed to have a data breach where you lose people’s sensitive information,” he said. “Now, AT&T is not being forthcoming about how and why the breach took place. There’s been some really important details missing from their announcements and people deserve to know.”

In December 2023, the Federal Communications Commission updated its rules around security breaches for the first time in 16 years. The new rules expanded the type of data that needs to be protected, enhanced the definition of what a breach is, added more requirements for who needs to be notified after a breach and much more.

The dataset from the data breach is potentially from 2019 and earlier, making it even more alarming for Yarborough and his clients, he said.

“There’s reason to believe this data has been in the wrong hands for years. Discovery will reveal the extent to which AT&T knew or should have known about this,” he said. “I’m very confident the facts already establish AT&T’s liability, without any doubt.”

Federman wants to see companies like AT&T be held more accountable if data breaches occur, he said.

“They need to take cybersecurity much more seriously. They need to spend the money, hire the qualified people, give them the tools they need and stay updated on the latest software,” he said. “Whatever cybersecurity they last implemented is now out of date. It failed here. AT&T needs to be at the top of its game.”

With so many affected customers, the biggest challenge may be consolidating lawsuits in the coming years, said Yarborough.

“We’re going to need to get all of the plaintiff’s lawyers together and make sure we’re all rowing in the same direction,” he said. “A lot of this depends on getting the parties organized. I’ve seen cases like this last more than 10 years. So it’s up to AT&T to step up and do the right thing.”

Every suit filed in Texas claims that affected customers are subject to a higher likelihood of identity fraud and that it’s taken a toll on their personal lives. The Oklahoma City firm is seeing the same from its clients, Federman said.

“Just imagine your personal information is out there for the highest bidder anywhere in the world, think about what that would do to you,” he said. “The biggest thing is seeing how hard AT&T wants to fight this. But this is a system that’s failing to protect people. It’s causing them anxiety and sleepless nights. It needs to end.”