AT&T customers who had their sensitive data exposed in two massive breaches will share a $177 million settlement, with some individuals eligible for up to $5,000 in compensation for proven damages.
Key Takeaways
- AT&T has agreed to pay $177 million to settle claims from two major data breaches affecting millions of current and former customers in 2019 and 2024.
- The 2019 breach exposed personal information of 7.6 million current and 65.4 million former customers, while the 2024 breach compromised call and text records of 109 million customers.
- Customers who can prove financial damages directly linked to the breaches may receive up to $5,000 for the 2019 breach and $2,500 for the 2024 breach.
- The claims process opens August 4, 2025, with a November 18, 2025 deadline, and payments expected to begin in early 2026.
Massive Data Breaches Expose Millions of AT&T Customers
In a devastating blow to customer privacy, AT&T faces a $177 million settlement after two major data breaches compromised the personal information of more than 180 million current and former customers. The settlement addresses breaches occurring in 2019 and 2024, where hackers gained access to sensitive customer data including names, Social Security numbers, dates of birth, and phone records. The preliminary settlement, approved by U.S. District Judge Ada Brown on June 20, 2025, comes after class action lawsuits accused AT&T of corporate negligence in protecting customer information from unauthorized access.
The first breach in 2019 exposed data of 7.6 million current and 65.4 million former AT&T account holders. The more recent breach in 2024 resulted from a hack into AT&T’s cloud storage provider, Snowflake, compromising call and text records from 2022 for approximately 109 million American customers. These security failures represent a concerning pattern in corporate America’s handling of sensitive consumer data, demonstrating yet another instance where a major corporation failed to adequately protect American consumers despite collecting extensive personal information.
The telecom giant will pay out $177 million in relation to two recent data breaches affecting current and former customers. https://t.co/9mZb4cKkZp
— CNET (@CNET) June 24, 2025
Settlement Details and Eligibility
The $177 million settlement prioritizes customers who can demonstrate tangible financial harm from the data breaches. Those affected by the 2019 breach could receive up to $5,000, while victims of the 2024 breach may qualify for up to $2,500. However, claimants must provide documentation proving damages “fairly traceable” to the breaches, such as unreimbursed fraud charges, costs for credit monitoring services, or time spent resolving identity theft issues. Without this evidence, affected customers will likely receive substantially smaller payments from the remaining settlement funds.
“AT&T was not ‘responsible for these criminal acts,’ but agreed to the settlement ‘reasonably’ to resolve the matter,” AT&T stated in response to the lawsuits.
All affected customers will receive notification by email or mail regarding their eligibility for compensation. The formal claims process opens on August 4, 2025, giving victims until the November 18, 2025 deadline to submit their documentation. Following final court approval scheduled for December 3, 2025, payments are expected to begin in early 2026. This timeline provides a structured compensation framework but requires affected customers to remain vigilant about communication from settlement administrators over the coming months.
Corporate Accountability and Consumer Protection
The AT&T settlement represents a growing trend of major corporations facing significant financial consequences for data security failures. While $177 million represents a substantial sum, it pales in comparison to the profits generated by AT&T and the potential long-term damage suffered by consumers whose personal information has been compromised. The growing frequency of these breaches raises serious questions about whether companies are investing adequately in cybersecurity measures to protect the vast amounts of customer data they collect and store.
For AT&T customers, this settlement serves as both compensation and a stark reminder of the vulnerabilities in our increasingly digital world. With personal information now scattered across countless corporate databases, American consumers face ongoing risks of identity theft, financial fraud, and privacy violations. The settlement underscores the critical importance of maintaining strong personal security practices, including credit monitoring and identity protection services, regardless of corporate promises about data security. As data breaches continue to plague major companies, consumers must remain vigilant about protecting their personal information.
