AT&T will pay $177 million in a settlement to resolve lawsuits over two major data breaches affecting millions of customers. Current and former customers can file claims for cash payments up to $7,500 if both incidents affected them. The deadline to file claims is November 18, 2025.
The telecommunications company reached a settlement to resolve class action lawsuits from security breaches announced in March and July 2024. AT&T denies wrongdoing but agreed to settle to avoid costly litigation.
Two Security Breaches Exposed Customer Information
AT&T suffered two major data breaches in 2024. In March, hackers stole personal data from 73 million people, including Social Security numbers, birth dates, addresses, and account passcodes. The breach hit 7.6 million current customers and 65.4 million former customers. Security researchers found the stolen information on both dark web marketplaces and regular websites accessible to anyone.
In July, AT&T announced a second breach where hackers accessed a Snowflake cloud platform and stole call and text records from nearly all cellular customers. The stolen data covered May through October 2022 but excluded names and Social Security numbers.
AT&T discovered the cloud breach in April but waited three months to disclose it publicly, a delay that likely influenced the eventual settlement terms. The company reportedly paid hackers $370,000 in Bitcoin to delete the stolen records. The breach happened because hackers used stolen login credentials from malware infections dating back to 2020, and the compromised accounts lacked multifactor authentication.
Settlement Offers Different Payment Levels
AT&T will pay $177 million to settle both data breach lawsuits. The company split this into two funds, with March breach victims receiving $149 million and July breach victims getting $28 million. Customers hit by both breaches can claim from each fund for up to $7,500 total.
Attorney fees will consume up to one-third of each settlement fund, totaling about $59 million, which reduces the amount available for customer payments.
The settlement offers two payment tracks. Customers can pursue documented loss payments that require proof of financial harm, or take smaller tier payments with no documentation needed. Tier payments get divided among all eligible claimants, making individual amounts much lower than the maximum figures of $5,000 for March victims and $2,500 for July victims.
For March breach victims, the stolen data determines payment size. Customers whose Social Security numbers were exposed receive five times more than those whose other information was stolen, but Social Security numbers stayed secure.
Large Payments Require Documentation
Customers seeking documented loss payments must prove their financial losses came directly from the breaches.Acceptable proof includes receipts, bills, or third-party records showing costs for credit monitoring, identity theft protection, or fraudulent account expenses. Self-written statements can support other documentation, but cannot stand alone as proof.
Customers filing claims for both breaches need separate documentation for each incident. Those choosing tier payments face no documentation requirements. These payments get calculated based on the total number of valid claims received, with final amounts depending on administrative costs and legal fees.
Filing Claims Through Official Channels
Kroll Settlement Administration handles the settlement process and has started notifying eligible customers by email.Customers can file claims through the official settlement website or by calling the dedicated assistance hotline.
Filing requires basic information, including your class member ID from the notification email, email address, AT&T account number, or full name as listed on your notice. The settlement website verifies eligibility and walks customers through each step of the claim process.
Important Deadlines Approaching
Customers who want to exclude themselves from the settlement must mail a written request to the settlement administrator. This request must be postmarked by October 17, 2025. Customers who exclude themselves keep their right to sue AT&T individually but receive no settlement money.
A federal judge in the Northern District of Texas gave preliminary approval to the settlement in June 2025 after reviewing the proposed terms. The final approval hearing is scheduled for December 3, 2025.
Payments Expected to Begin Next Year
The settlement still requires final court approval before payments can begin, and appeals could delay the process further. AT&T expects approval to finish by late 2025, with payments likely starting in early 2026. Individual payouts remain uncertain because they depend on how many people file claims, along with administrative costs, attorney fees, and any appeals. The settlement website makes clear that customers will not know their payment amounts until the process ends.
What This Means for Data Security
These breaches expose how vulnerable telecom companies are to cyberattacks. Criminals now target businesses that store personal information and communication records. AT&T’s settlement shows the financial cost of weak security. Its market value dropped by $130 million after the July breach, proving how quickly failures damage investor confidence. Other companies have paid heavy penalties as well, such as Meta’s $725 million privacy settlement in 2022 and Equifax’s $700 million payout in 2019. Settlements may offer some compensation, but they do not undo privacy violations or stop identity theft. Criminals can misuse stolen Social Security numbers for years, showing that preventing breaches matters more than paying for them later.
Taking Steps to Protect Yourself
Customers affected by either breach should monitor their credit reports, bank accounts, and card statements for suspicious activity, whether they file a claim or not. They can set up credit monitoring services to strengthen protection. The breaches show that large companies still expose personal data to cyber attacks, and while settlements give some compensation, only strong security practices truly protect customers. Eligible AT&T customers should file a settlement claim, since the process is simple and allows compensation even without proof of specific losses. Because payout amounts remain uncertain, customers lose nothing by filing.
Read More: Apple’s $95M Siri Settlement: File Your Claim Before It’s Too Late