“It’s not a matter of ‘if.’ It’s just a matter of ‘when,'” people say about data breaches. The same could be said for potential class action lawsuits that follow announcements of big breaches. This week, AT&T is among those who are being sued over a big breach. Bloomberg reports:
COURT: N.D. Tex
TRACK DOCKET: No. 3:24-cv-00757 (Bloomberg Law subscription)AT&T Inc. was sued for allegedly exposing approximately 73 million current and former users to privacy-related injuries as result of a recent data breach.
AT&T recklessly “maintained, used, and shared” customers’ personally identifiable information and “intentionally, willfully, recklessly, or negligently” failed to take measures to secure its system despite knowing it was in a condition that made consumers’ sensitive data vulnerable, according to the purported class action filed March 30 in the US District Court for the Northern District of Texas.
Read more at Bloomberg.
Breach Times notes that AT&T has not confirmed that the data came from their system. The data may have been accessed or acquired from a vendor or partner. It’s all under investigation, and it’s possible that the suit may need to be amended to name a third party and change the claims against AT&T to allege that they should have been more careful in their choice of vendors or auditing of vendors. Or something. Where there’s money to be made and deep pockets, there’s a lawsuit.