Cricket Wireless faces class action lawsuit following data breach

Cricket Wireless, a mobile virtual network operator based in the United States operating as a subsidiary of AT&T, is facing a class action lawsuit after a significant data breach compromised the personal information of approximately 10 million customers.

The lawsuit, filed by Alexis Morgan on July 23, 2024, in a Georgia federal court, accuses the telecommunications company of negligence in safeguarding sensitive customer data. According to the lawsuit, Cricket Wireless failed to protect customer information, leading to a data breach on Snowflake, a third-party cloud platform.

Cybercriminals exploited inadequate security measures on Snowflake’s platform to access Cricket Wireless customer data, including records of calls and texts, cell site identification numbers, and phone numbers. This breach impacted data from May 1, 2022, to October 31, 2022, and January 2, 2023.

The lawsuit alleges that Cricket Wireless did not inform its customers of the breach until July 22, 2024, despite discovering it in April. The notification lacked crucial details about the breach’s cause, exploited vulnerabilities, and the steps to address the issue. This delay has left customers uncertain about the security of their personal information.

Morgan’s lawsuit claims that the breach has increased the risk of identity theft, fraud, and other forms of exploitation. She seeks class-action status, damages, legal fees, and a jury trial. Additionally, Morgan demands that Cricket Wireless enhance its security measures to prevent future breaches.