Latest news with #IdentityTheftResourceCenter
CNET
18 hours ago
- Business
- CNET
AT&T's $177 Million Settlement Will Pay Victims of Two Huge Data Breaches. Learn Who Qualifies
AT&T's settlement stems from two data breaches inn 2019 and 2024. AT&T/CNET Of the 1,350,835,988 notices sent to subjects of data breaches in 2024, almost a tenth of those came from a hack of AT&T servers in April, according to to the Identity Theft Resource Center's 2024 Annual Data Breach Report. The telecom giant now plans to settle a lawsuit for that breach and another in 2019 for a whopping $177 million. On Friday, June 20, US District Judge Ada Brown granted preliminary approval to the terms of a proposed settlement from AT&T that would resolve two lawsuits related to the data breaches. The current settlement would see AT&T pay $177 million to customers adversely affected by at least one of the two data breaches. The settlement will prioritize larger payments to customers who suffered damages that are "fairly traceable" to the data leaks. It will also provide bigger payments to those impacted by the larger of the two leaks, which began in 2019. While the company is working towards a settlement, it has continued to deny that it was "responsible for these criminal acts." For all the details about we have about the settlement right now, keep reading, and for more info about other recent settlements, find out how to claim Apple's Siri privacy settlement and see if you're eligible for 23andMe's privacy breach settlement. What happened with these AT&T data breaches? AT&T first confirmed the two data breaches last year, announcing an investigation into the first in March before confirming it in May, followed by confirmation of the second one in July. The first of the confirmed breaches began in 2019. The company revealed that around 7.6 million current and 65.4 million former account holders had their data exposed to hackers, including names, Social Security numbers and dates of birth. The company first began investigating the situation last year after it reported that customer data had appeared on the dark web. The second breach began in April of 2024, when a hacker broke into AT&T cloud storage provider Snowflake and accessed 2022 call and text records for almost all of the company's US customers, around 109 million in all. The company stressed that no names were attached to the stolen data, and two individuals were arrested in connection with the breach. Both of these incidents sparked a wave of class action lawsuits alleging corporate neglect on the part of AT&T in failing to sufficiently protect its customers. How will I know if I'm eligible for the AT&T data breach settlement? As of now, we know that the settlement will pay out to any current or former AT&T customer whose data was accessed in one of these data breaches, with higher payments reserved for those who can provide documented proof that they suffered damages directly resulting from their data being stolen. If you're eligible, you should receive a notice about it, either by email or by a physical letter in the mail, sometime in the coming months. The company expects that the claims process will begin on Aug. 4, 2025. How much will the AT&T data breach payments be? You'll have to "reasonably" prove damages caused by these data breaches to be eligible for the highest and most prioritized payouts. For the 2019 breach, those claimants can receive up to $5,000. For the Snowflake breach, the max payout will be $2,500. It's not clear at this time how the company might be handling customers who've been affected by both breaches. AT&T will focus on making those payments first, and whatever's left of the $177 million settlement total will be disbursed to anyone whose data was accessed, even without proof of damages. Since these payouts depend on how many people get the higher amounts first, we can't say definitively how much they will be. When could I get paid from the AT&T data breach settlement? AT&T expects that payments will start to go out sometime in early 2026. Exact dates aren't available right now. The recent court order approving the settlement lists a notification schedule of Aug. 4 to Oct. 17, 2025. The deadline for submitting a claim is currently set at Nov. 18, 2025. The final approval of the settlement needs to be given at a Dec. 3, 2025 court hearing in order for payments to begin. Stay tuned to this piece in the coming months to get all the new details as they emerge, and for more money help, check out CNET's daily tariff price impact tracker.
CNET
2 days ago
- Business
- CNET
AT&T to Pay $177M in Data Breach Settlements. See if You're Eligible
AT&T customers injured by data breaches have been placed into two classes. AT&T/CNET In April 2024, a major data breach of AT&T customer records resulted in a remarkable 110,000,000 victim notices, according to the Identity Theft Resource Center's 2024 Annual Data Breach Report. The price tag for those privacy violations -- combined with another 2019 data breach -- now appears to be set at a similarly impressive $177 million. On Friday, June 20, US District Judge Ada Brown granted preliminary approval to the terms of a proposed settlement from AT&T that would resolve two lawsuits related to the data breaches. The current settlement would see AT&T pay $177 million to customers adversely affected by at least one of the two data breaches. The settlement will prioritize larger payments to customers who suffered damages that are "fairly traceable" to the data leaks. It will also provide bigger payments to those impacted by the larger of the two leaks, which began in 2019. While the company is working towards a settlement, it has continued to deny that it was "responsible for these criminal acts." For all the details about we have about the settlement right now, keep reading, and for more info about other recent settlements, find out how to claim Apple's Siri privacy settlement and see if you're eligible for 23andMe's privacy breach settlement. What happened with these AT&T data breaches? AT&T first confirmed the two data breaches last year, announcing an investigation into the first in March before confirming it in May, followed by confirmation of the second one in July. The first of the confirmed breaches began in 2019. The company revealed that around 7.6 million current and 65.4 million former account holders had their data exposed to hackers, including names, Social Security numbers and dates of birth. The company first began investigating the situation last year after it reported that customer data had appeared on the dark web. The second breach began in April of 2024, when a hacker broke into AT&T cloud storage provider Snowflake and accessed 2022 call and text records for almost all of the company's US customers, around 109 million in all. The company stressed that no names were attached to the stolen data, and two individuals were arrested in connection with the breach. Both of these incidents sparked a wave of class action lawsuits alleging corporate neglect on the part of AT&T in failing to sufficiently protect its customers. How will I know if I'm eligible for the AT&T data breach settlement? As of now, we know that the settlement will pay out to any current or former AT&T customer whose data was accessed in one of these data breaches, with higher payments reserved for those who can provide documented proof that they suffered damages directly resulting from their data being stolen. If you're eligible, you should receive a notice about it, either by email or by a physical letter in the mail, sometime in the coming months. The company expects that the claims process will begin on Aug. 4, 2025. How much will the AT&T data breach payments be? You'll have to "reasonably" prove damages caused by these data breaches to be eligible for the highest and most prioritized payouts. For the 2019 breach, those claimants can receive up to $5,000. For the Snowflake breach, the max payout will be $2,500. It's not clear at this time how the company might be handling customers who've been affected by both breaches. AT&T will focus on making those payments first, and whatever's left of the $177 million settlement total will be disbursed to anyone whose data was accessed, even without proof of damages. Since these payouts depend on how many people get the higher amounts first, we can't say definitively how much they will be. When could I get paid from the AT&T data breach settlement? AT&T expects that payments will start to go out sometime in early 2026. Exact dates aren't available right now. The recent court order approving the settlement lists a notification schedule of Aug. 4 to Oct. 17, 2025. The deadline for submitting a claim is currently set at Nov. 18, 2025. The final approval of the settlement needs to be given at a Dec. 3, 2025 court hearing in order for payments to begin. Stay tuned to this piece in the coming months to get all the new details as they emerge, and for more money help, check out CNET's daily tariff price impact tracker.
CNET
3 days ago
- Business
- CNET
AT&T's 177 Million Data Breach Settlement: Learn Who Qualifies and When Payments Might Come
The telecom giant will likely pay out $177 million to customers hurt by recent data breaches. AT&T/CNET A major hack of AT&T customer records was one of last year's "mega-breaches," according to the Identity Theft Resource Center's 2024 Annual Data Breach Report. The telecom giant may soon be paying a big price for that event and another data breach that occurred in 2019. On Friday, June 20, US District Judge Ada Brown in Texas granted preliminary approval to the terms of a proposed settlement from AT&T that would resolve two lawsuits related to the data breaches. The current settlement would see AT&T pay $177 million to customers adversely affected by at least one of the two data breaches. The settlement will prioritize larger payments to customers who suffered damages that are "fairly traceable" to the data leaks. It will also provide bigger payments to those impacted by the larger of the two leaks, which began in 2019. While the company is working towards a settlement, it has continued to deny that it was "responsible for these criminal acts." For all the details about we have about the settlement right now, keep reading, and for more info about other recent settlements, find out how to claim Apple's Siri privacy settlement and see if you're eligible for 23andMe's privacy breach settlement. What happened with these AT&T data breaches? AT&T first confirmed the two data breaches last year, announcing an investigation into the first in March before confirming it in May, followed by confirmation of the second one in July. The first of the confirmed breaches began in 2019. The company revealed that around 7.6 million current and 65.4 million former account holders had their data exposed to hackers, including names, Social Security numbers and dates of birth. The company first began investigating the situation last year after it reported that customer data had appeared on the dark web. The second breach began in April of 2024, when a hacker broke into AT&T cloud storage provider Snowflake and accessed 2022 call and text records for almost all of the company's US customers, around 109 million in all. The company stressed that no names were attached to the stolen data, and two individuals were arrested in connection with the breach. Both of these incidents sparked a wave of class action lawsuits alleging corporate neglect on the part of AT&T in failing to sufficiently protect its customers. How will I know if I'm eligible for the AT&T data breach settlement? As of now, we know that the settlement will pay out to any current or former AT&T customer whose data was accessed in one of these data breaches, with higher payments reserved for those who can provide documented proof that they suffered damages directly resulting from their data being stolen. If you're eligible, you should receive a notice about it, either by email or by a physical letter in the mail, sometime in the coming months. The company expects that the claims process will begin on Aug. 4, 2025. How much could I get paid from the AT&T data breach settlement? You'll have to "reasonably" prove damages caused by these data breaches to be eligible for the highest and most prioritized payouts. For the 2019 breach, those claimants can receive up to $5,000. For the Snowflake breach, the max payout will be $2,500. It's not clear at this time how the company might be handling customers who've been affected by both breaches. AT&T will focus on making those payments first, and whatever's left of the $177 million settlement total will be disbursed to anyone whose data was accessed, even without proof of damages. Since these payouts depend on how many people get the higher amounts first, we can't say definitively how much they will be. When could I get paid from the AT&T data breach settlement? AT&T expects that payments will start to go out sometime early next year, though exact dates aren't available right now. The final approval needs to be given at the Dec. 3 court hearing in order for payments to being made. Stay tuned to this piece in the coming months to get all the new details as they emerge, and for more money help, check out CNET's daily tariff price impact tracker.
CNET
5 days ago
- CNET
Fewer Identity Theft Reports, Larger Losses: Here's What to Make of Latest Research
Is your data protected? Getty The Identity Theft Resource Center said Tuesday that fewer people contacted it for help over the past year, but also warned that new technologies, including artificial intelligence, are making it increasingly easier for cybercriminals to successfully victimize people. The ITRC mentions that, while fewer people are reporting crimes, the crimes that are reported represent greater financial loss. According to the ITRC's 2025 Trends In Identity Report, a total of 7,580 individuals contacted the nonprofit group with an identity-related concern during the year that ended March 31, 2025, marking a 31% decline from the same period a year ago. That drop followed another decrease the previous year. Additionally, the ITRC said the trend has continued into this year, but it remains unclear as to exactly why. The ITRC said it's possible that criminals are using tech like AI to better target victims, so they don't need to attack as many people. It also theorized that the decrease could be due to "victim fatigue" stemming from the seemingly never-ending string of data breaches and cyberattacks. On the more positive side, the ITRC said the decrease could also be the result of more people taking steps to protect their identities and more companies using better tech to protect their systems from attacks. Of those that contacted the ITRC for help during the past year, 52% reported that their personal information had been misused, meaning that their personal data was stolen and used to do things like open or take over accounts, or to get a job. And 35% said that their personal information was compromised, meaning that it was exposed in a data breach or scam, but had not yet been misused. The group said those numbers mark a switch from previous years, when more people reported that that information had been compromised and fewer said it had been misused. In terms of scams, impersonation scams, where criminals posed as businesses, banks and other legitimate organizations, were the most reported. They more than doubled from the year before and accounted for 34% of total scams reported. More details about the financial consequences of these scams will be available when the ITRC publishes its impact report in October.
The Star
07-06-2025
- The Star
This is the phishing scam that gets an identity theft expert in the US 'really, very angry'
Digital thieves are nothing if not persistent and innovative. They keep finding new ways to try to part you from your money. Phishing – where thieves pose as trusted entities or send legitimate looking emails or messages to trick you into giving them access to your accounts – is a widespread method. And it is constantly evolving. 'We've seen phishing go through the roof,' said Eva Velasquez, the CEO of the Identity Theft Resource Center, a San Diego-based national nonprofit. But knowledge is power. So here are three emerging phishing threats to look out for, according to Internet safety experts. All three threats target key parts of people's digital lives: email attachments that lead to fake login pages, multi-factor authentication trickery and deceptive calendar invites. Spending a few minutes reading these pointers could help you avoid getting your ID or money stolen and save you countless hours of dealing with the fallout. HTML attachments that open fake login pages Imagine a busy professional who is in email action mode. In the past 30 minutes on a Saturday morning, he has filled out emailed liability waivers for his seven children's summer camps, filed an expense report for work, answered a secure portal message from the veterinarian about his sick puppy's prescription, skimmed 182 email subject lines and paid five bills from his email inbox, including a car insurance premium and his beloved cheese-of-the-month club. Amid this flurry of inbound emails, ads, invoices and secure messages, he is working on autopilot: opening messages, skimming, clicking and signing in. What a perfect opportunity. Scammers are taking advantage of user distraction – and their trust – by sending emails with HTM or HTML attachments. When clicked, those open a browser file that looks like secure, familiar login page. These pages might look like secure invoice viewers, file-sharing services like DocuSign or Dropbox, or sign-in pages to platforms including Microsoft 365. 'Once the user enters their credentials, they are sent surreptitiously to the attacker's server,' said Vlad Cristescu, the head of cybersecurity with ZeroBounce, a Florida company that helps businesses lower their rate of bounced marketing emails. Why this method is especially insidious: 'There isn't a clickable link in the email, so standard email security filters (which scan for malicious URLs or attachments like PDFs and ZIPs) may not catch it,' Cristescu added. To prevent this, he added, companies should 'restrict HTML attachments unless essential, and users should treat unfamiliar HTML files the same way they'd treat a suspicious link – don't open it unless you're absolutely sure of the sender.' If you do receive incoming communication with an HTML link or attachment, don't engage, said Velasquez, with the ITRC. 'Don't click on links, people. That's the big, overarching message,' she said. Instead, go to the source: call the phone number on the back of your credit card, visit the bank in person. Multifactor authentication tricks If you are one of the many people who uses multifactor authentication, take note. Multifactor authentication is still very helpful and should be used. But Cristescu flagged one way that scammers are taking this tool – which is designed to make people's online accounts more secure – and using it to slither in. As a refresher, multifactor authentication is an added layer of protection that prevents data thieves from logging into your accounts if they have your username and password. It helps ensure that you're the one who typed in your password when you log in, and not some scammer in the Philippines or Poughkeepsie. To use multifactor authentication, you typically download an app, such as Google Authenticator or Microsoft Authenticator. You register your sensitive online accounts, such as Facebook, bank or email, with that app. Then, every time you log into a registered website, the authenticator app generates a new, random code that you enter after your password as a second layer of verification. With the rise of this protection, a new threat has emerged: Scammers who have your username and password can send log-in requests to your authenticator app. Next, the scammer can pose as an IT expert from your workplace and ask you to approve the log-in request. If you fall for it, then boom – the scammer is in. This technique 'exploits a user's frustration and trust in IT. If you're receiving multiple (authenticator) prompts you didn't initiate, that's not a glitch – it's an attack,' Cristescu said. He recommends pausing, never approving these unexpected requests and flagging the interaction with IT. Velasquez added that if you get an authenticator notification and you didn't just log in yourself, 'That is a huge red flag. Stop and address it. Don't ignore it.' Anytime you interact with IT, be sure you're the one initiating that contact, she added. If someone from IT calls or emails you, disconnect and reach back out using a trusted method, such as the same phone number you always dial. Fake calendar invites A third technique data thieves are using is calendar invites. 'I just get really very angry about this one,' Velasquez said. 'It is super hard to detect.' Here's what to look out for. If you use an online calendar like Google calendar or the native iPhone calendar app, you might receive an invitation to an event you didn't see coming. Sometimes these meetings are legitimate. Sometimes, they are not. Scammers 'are now sending meeting requests with malicious links embedded in the invite or 'join' button. These invitations sync directly into calendars and often go unquestioned,' according to ZeroBounce. Scammers use calendar invites because they have 'built-in credibility – they're not usually scrutinised like emails,' Cristescu said. Look for meeting requests from unknown senders and vague event names like 'Sync' or 'Project Review,' he added. In some jobs or roles, meetings routinely get added to calendars by other people –clients, prospects, coworkers, bosses, peers. 'I have gotten these repeatedly,' said Velasquez, with the ITRC. 'Depending on your lifestyle and your job and how you work, these are going to be particularly challenging. They are real calendar invites. The problem is they have malicious software embedded in them – so when you click on portions of them, 'Click to join,' it's like opening an attachment (or) clicking on a suspicious link. It's the same principle.' Cristescu, with ZeroBounce, shared this tip: 'Treat those just like a phishing email. Disable auto-accept where possible and review every invite manually before clicking anything.' Never stop questioning what lands in your inbox or calendar, Cristescu added. 'Always verify the sender's email address, ensure that any link you click matches the legitimate domain, and look out for subtle red flags like spelling errors or unusual formatting.' A big picture pointer 'All three of these (scams) are so common that it has probably happened to every single person reading the article – at least one of them. That's how ubiquitous these are,' Velasquez said. She shared this broader thought: It's less important to know how to respond to each scenario and more important to pause, be skeptical, double check. It's important to be ever more sceptical, because AI makes it easier and easier for thieves to create convincing ruses, Cristescu and Velasquez both said. AI 'really helps with making these phishing offers look and sound so much more legitimate,' Velasquez said. 'And with the amount of data that is out there from public sources and from data breaches, it's very easy to see what relationships people have.' Where you bank, where you do business – that is all fodder for someone to create a copycat page designed to trick you into logging in. Adopt an 'investigator mindset,' Velasquez said. Use this helpful reminder: the acronym STAR, which stands for Stop. Think. Ask questions or ask for help. Reassess. – The San Diego Union-Tribune/Tribune News Service
