Class Action U Logo
Start Your Data Breach Claim

Millicom Data Breach Lawsuit

ShinyHunters claims to have stolen 380 million customer records from Millicom, including names, emails, account numbers, and masked credit card details. The alleged breach, which occurred in mid-September 2025, reportedly exploited an AWS vulnerability. Millicom has not confirmed the incident, raising concerns over transparency. If verified, the breach could impact millions of Tigo customers across Latin America. Affected individuals may be eligible for a class action lawsuit. Class Action U offers free consultations to help victims explore legal options.

Millicom
Date of Breach: Mid-September 2025
CAU logo

Who was affected:

Clients of Millicom

Impacted Data:

Full name

Email address

Account number

Customer IP address

Masked credit card number (with expiration month and year)

Financial and transactional information

Sign Up Now

Millicom, the telecom giant behind Tigo and Tigo Business, is at the center of an unconfirmed but alarming data breach allegation. Cybercriminal group ShinyHunters claims to have exfiltrated 380 million customer records. If proven true, this breach could be one of the largest in telecommunications history—potentially qualifying victims to join a class action lawsuit.

Millicom’s Data Breach Investigation

Millicom, a multinational telecom provider serving over 46 million subscribers across Latin America, is facing serious allegations of a major data breach. While the company has made no public disclosure on its website or to investors, threat actor ShinyHunters listed a massive dataset for sale on November 13, 2025, that reportedly contains information on hundreds of millions of Millicom customers.

According to details shared by the hackers and published by DataBreaches.net, the breach allegedly occurred in mid-September 2025 and involved a critical vulnerability—CVE-2024-2577—that granted the attackers access to Amazon Web Services (AWS) credentials. This access reportedly allowed them to download database backups stored in AWS S3 buckets.

The dataset allegedly includes sensitive personal information such as full names, email addresses, customer account numbers, IP addresses, masked credit card numbers, and financial transaction details. If legitimate, the impact on customer privacy and security would be substantial.

ShinyHunters claims they contacted Millicom on November 4, demanding a ransom of 15 Bitcoin. After unsuccessful negotiations, they posted the data for sale on a public hacking forum with a taunt: “Should’ve paid the ransom ;)”.

To date, Millicom has not acknowledged the breach publicly, and it is unclear whether they discovered the intrusion independently or only learned about it from the attackers. This lack of transparency raises additional concerns about how the company handles data security and breach disclosures.

When Did This Breach Occur?

According to the threat actor’s claims, the cyberattack on Millicom occurred in mid-September 2025. The data was publicly listed for sale on November 13, 2025, following failed ransom negotiations that reportedly began on November 4, 2025.

What Information Was Breached?

If the breach is verified, the compromised data may include:

  • Full name
  • Email address
  • Account number
  • Customer IP address
  • Masked credit card number (with expiration month and year)
  • Financial and transactional information

These elements, if genuine, pose serious risks for identity theft, account compromise, and targeted phishing scams.

What You Can Do

If you’re a Tigo or Millicom customer, take these proactive steps to protect your information—especially if you notice any suspicious activity:

  1. Monitor Financial Accounts: Review your bank and card statements for unauthorized charges.
  2. Change Passwords: Update passwords for Tigo and any other accounts using the same login details. Use strong, unique passwords and enable two-factor authentication.
  3. Check for Phishing Scams: Be on the lookout for suspicious emails pretending to be from Millicom or Tigo, especially those requesting account or payment details.
  4. Check Your Credit Reports: Visit AnnualCreditReport.com to request free reports and check for any unfamiliar activity.
  5. Consider a Fraud Alert or Credit Freeze: These can help prevent new accounts from being opened in your name without your knowledge.

If the breach is confirmed and you’re affected, you may be eligible to pursue legal action.

File a Data Breach Lawsuit Against Millicom

If it is confirmed that your personal data was compromised in this breach, you may be eligible to join a class action lawsuit. Data breaches involving such a vast number of records and sensitive information can have long-term consequences for victims, and companies that fail to safeguard this data must be held accountable.

Class Action U is here to support victims of data breaches. Our legal partners are experienced in handling high-profile, multinational cases. If you suspect your information was compromised, or if you are a Millicom or Tigo customer and received a breach notification, reach out now.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Doctor Alliance Data Breach
Date of Breach: November 12, 2025
Revere Health Data Breach
Date of Breach: October 2, 2025
Innovative Physical Therapy Data Breach
Date of Breach: October 2, 2025
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.