| CNN Politics edition.cnn.com
By Sean Lyngaas
Oct 8, 2025
Suspected Chinese government-backed hackers have breached computer systems of US law firm Williams & Connolly, which has represented some of America’s most powerful politicians, as part of a larger spying campaign against multiple law firms, according to a letter the firm sent clients and a source familiar with the hack.
The cyber intrusions have hit the email accounts of select attorneys at these law firms, as Beijing continues a broader effort to gather intelligence to support its multi-front competition with the US on issues ranging from national security to trade, multiple sources have told CNN.
The hackers in this case used a previously unknown software flaw, coveted by spies because it allows for stealth, to access Williams & Connolly’s computer network, said the letter sent to clients this week and reviewed by CNN. The letter did not name the hackers responsible, but the source familiar with the hack told CNN that Beijing was the prime suspect.
“Given the nature of the threat actor, we have no reason to believe that the data will be disclosed or used publicly,” the letter said, in a hint that the intruder was focused on espionage rather than extortion.
CNN has reached out to the Chinese Embassy in Washington, DC for comment.
Liu Pengyu, a spokesperson for the embassy, told CNN in response to a separate hacking allegation last month: “China firmly opposes and combats all forms of cyber attacks and cybercrime.”
It was not immediately clear which Williams & Connolly attorneys or clients were affected by the hack.
Williams & Connolly is known for its politically influential clientele and a storied bench of courtroom lawyers. The firm has represented Bill and Hillary Clinton; corporate clients, including tech, health care and media companies; and white-collar criminal defendants like Theranos founder Elizabeth Holmes.
A Williams & Connolly spokesperson declined to answer questions on who was responsible for the hack.
The hackers are “believed to be affiliated with a nation-state actor responsible for recent attacks on a number of law firms and companies,” Williams & Connolly said in a statement to CNN. “We have taken steps to block the threat actor, and there is now no evidence of any unauthorized traffic on our network.”
Another prominent US law firm hit by suspected Chinese hackers is Wiley Rein, CNN reported in July. With clients that span the Fortune 500, Wiley Rein is a powerful player in helping US companies and the government navigate the trade war with China.
The suspected Chinese hackers have been rampant in recent weeks, also hitting the cloud-computing firms that numerous American companies rely on to store key data, experts at Google-owned cybersecurity firm Mandiant have told CNN. In a sign of how important China’s hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms’ proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant.
The Chinese government routinely denies allegations that it conducts hacking operations, often pointing to alleged US operations targeting Chinese entities and accusing Washington of a “double standard.”
At any given time, the FBI has multiple investigations open into China’s elite hacking teams, which US officials consider the biggest state-backed cyber threat to American interests.
CNN has requested comment from the FBI.
“Law firms are prime targets for nation-state threat actors because of the complex, high-stakes issues they handle,” said Sean Koessel, co-founder of cybersecurity firm Volexity, which has investigated Chinese digital spying campaigns.
“Intellectual property, emerging technologies, international trade, sanctions, public policy, to name a few,” Koessel told CNN. “In short, they hold a wealth of sensitive, non-public information that can offer significant strategic advantage.”
edition.cnn.com | CNN Business - Millions of AT&T customers can file claims worth up to $7,500 in cash payments as part of a $177 million settlement related to data breaches in 2024.
The telecommunications company had faced a pair of data breaches, announced in March and July 2024, that were met with lawsuits.
Here’s a breakdown.
What happened?
On March 30, 2024, AT&T announced it was investigating a data leak that had occurred roughly two weeks prior. The breach had affected data until 2019, including Social Security numbers, and the information of 73 million former and current customers was found in a dataset on the dark web.
Four months later, the company blamed an “illegal download” on a third-party cloud platform that it learned about in April for a separate breach. This leak included telephone numbers of “nearly all” of AT&T cellular customers and customers of providers that used the AT&T network between May 1 and October 31, 2022, the company said.
The class-action settlement includes a $149 million cash fund for the first breach and a $28 million payout for the second breach.
Am I eligible for a claim?
AT&T customers whose data was involved in either breach, or both, will be eligible. Customers eligible to file a claim will receive an email notice, according to the settlement website.
AT&T said Kroll Settlement Administration is notifying current and former customers.
How do I file a claim?
The deadline to submit a claim is November 18. The final approval hearing for the settlement is December 3, according to the settlement website, and there could be appeals following an approval “and resolving them can take time.”
“Settlement Class Member Benefits will begin after the Settlement has obtained Court approval and the time for all appeals has expired,” the website states.
How much can I claim?
Customers impacted by the March incident are eligible for a cash payment of up to $5,000. Claims must include documentation of losses that happened in 2019 or later, and that are “fairly traceable” to the AT&T breach.
