AT&T Reaches $177 Million Settlement Over Data Breaches: What Customers Need to Know

The settlement addresses two distinct cybersecurity incidents that occurred in 2024, each affecting different types of customer information and requiring separate compensation frameworks.

Breach One: Dark Web Data Exposure (2019 Data)

The first incident came to light in March 2024 when AT&T confirmed that a dataset containing customer information had appeared on the dark web. AT&T's preliminary analysis showed this affected approximately 7.6 million current account holders and 65.4 million former account holders, totaling about 73 million individuals. The company determined that the data set appeared to be from 2019 or earlier.

The compromised information in this breach was extensive and included some of the most sensitive personal identifiers. Affected customers' data potentially included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, and AT&T account numbers and passcodes.

This first breach has been allocated $149 million of the total settlement fund, reflecting both the number of affected customers and the sensitivity of the exposed information.

Breach Two: Snowflake Platform Attack (2022 Data)

The second breach was disclosed in July 2024 and involved unauthorized access to AT&T's data stored on Snowflake, a third-party cloud storage platform. This incident resulted in the illegal downloading of about 109 million customer accounts and exposed call and text message metadata from nearly all AT&T customers for approximately six months of 2022.

AT&T disclosed that its call logs were copied from its workspace on the Snowflake cloud platform, covering about six months of customer call and text data from 2022. While this breach did not include names or Social Security numbers, it exposed detailed communication patterns including phone numbers, call durations, and cell site identification numbers.

This second breach has been allocated $28 million of the settlement fund, with the smaller amount reflecting the different nature of the compromised data compared to the first incident.

How the Settlement Payments Work

The settlement creates different compensation structures based on which breach affected customers and the type of harm they can demonstrate.

AT&T 1 Class Payments (Dark Web Breach)

Customers affected by the first breach have several options for compensation depending on their circumstances and ability to document losses.

• Documented Loss Payments: Customers who can provide documentation of losses "fairly traceable" to the March 2024 breach may receive up to $5,000 in reimbursement. This requires reasonable documentation connecting specific financial losses to the data breach.
• Tier 1 and Tier 2 Payments: Customers who cannot document specific losses may still be eligible for payments based on whether their Social Security number was exposed. Tier 1 payments (for customers whose Social Security numbers were compromised) will be five times larger than Tier 2 payments (for other affected customers).

The final amounts for these payments will depend on the total number of valid claims submitted and approved within each category.

AT&T 2 Class Payments (Snowflake Breach)

Customers affected by the Snowflake breach will receive equal shares of the $28 million fund allocated for this incident. The per-person amount will depend on how many eligible customers submit valid claims.

Overlap Class Members

Some customers were affected by both breaches and qualify as "overlap" class members. These individuals can submit claims for both incidents, but the documentation supporting each claim must be unique and cannot be used to support benefits from both breaches.

How to File a Claim

The claims process is designed to be accessible while ensuring that payments go to legitimate claimants who were actually affected by the breaches.

Important Deadlines

Customers have until November 18, 2025, to submit valid claim forms. This deadline applies to all types of claims under the settlement, so affected customers should not delay in gathering necessary documentation and filing their claims.

Claim Submission Methods

Once established, claims can be filed either online through a court-approved website or by mail using paper forms. The official AT&T settlement website will be launched following the preliminary approval, and customers should watch for official notifications about how to access the claims portal.

Required Documentation

The type of documentation required depends on the type of claim being filed. For documented loss claims seeking up to $5,000, customers will need to provide reasonable documentation showing how their losses were fairly traceable to the data breach.

For tier-based payments from the first breach, customers will need to demonstrate that they were affected by the incident and whether their Social Security number was among the compromised information.

Legal Process and Timeline

The settlement has received preliminary approval from U.S. District Judge Ada Brown in the Northern District of Texas, but several steps remain before payments can be distributed.

Notification Process

AT&T will begin notifying eligible customers about the settlement between August 4 and mid-August 2025. Notifications will be sent by email or mail depending on the contact information available for each customer.

Final Approval Hearing

A final approval hearing is scheduled for December 3, 2025, where the court will determine whether to give final approval to the settlement terms. Customers who wish to object to the settlement or opt out of the class action must do so by specified deadlines that will be included in the notification materials.

Payment Distribution

If the settlement receives final approval, AT&T expects to begin distributing payments to eligible claimants in early 2026. The company has indicated that it expects the settlement will be approved by the end of 2025.

AT&T's Response and Denial of Wrongdoing

While agreeing to the substantial settlement, AT&T has maintained that it was not responsible for the criminal acts that led to the data breaches. In a statement, the company said it "denied allegations it was 'responsible for these criminal acts'" and explained that it "agreed to this settlement to avoid the expense and uncertainty of protracted litigation."

AT&T expects the settlement will be approved by the end of 2025, with settlement payments to be issued early next year. This approach is common in large corporate settlements, where companies choose to resolve litigation without admitting fault while avoiding the costs and unpredictability of extended court proceedings.

The company has also committed to strengthening its data security protocols as part of the settlement agreement and will provide confidential documentation to class counsel outlining its remedial efforts.