
Millions of Americans have had their most sensitive personal data exposed by AT&T’s negligence, and the telecommunications giant is now paying out $177 million to settle lawsuits over two massive data breaches affecting more than 180 million customers.
Key Takeaways
- AT&T has agreed to a $177 million settlement for data breaches in 2019 and 2024 that exposed sensitive personal information of more than 180 million current and former customers.
- Maximum payouts are $5,000 for victims of the 2019 breach and $2,500 for the 2024 breach, but these amounts require documented proof of damages directly related to the breaches.
- The claims process begins August 4, 2025, with a filing deadline of November 18, 2025, and payments expected to start in early 2026.
- The 2024 breach occurred when hackers accessed AT&T’s cloud storage provider, Snowflake, exposing call and text records of approximately 109 million US customers.
- All affected customers will receive some compensation even without proof of damages, with amounts determined after prioritized payouts to those with documented losses.
AT&T’s Massive Data Exposure Affected Millions
AT&T’s carelessness with customer data led to two significant breaches that compromised sensitive information of both current and former subscribers. The first breach in 2019 exposed data belonging to 7.6 million current customers and a staggering 65.4 million former account holders. The more recent breach in 2024 was even more extensive, with a hacker gaining access to 2022 call and text records for approximately 109 million US customers. This level of exposure represents one of the largest telecommunications data breaches in recent history, with information including names, Social Security numbers, and dates of birth now potentially in the hands of criminals.
The severity of these breaches prompted multiple class action lawsuits against AT&T, alleging corporate neglect in protecting customer information. While AT&T has agreed to the substantial settlement, the company has attempted to distance itself from responsibility, claiming it isn’t “responsible for these criminal acts,” according to AT&T’s statements in court documents.
Settlement Details and Eligibility
US District Judge Ada Brown granted preliminary approval to the settlement on June 20, 2025, setting in motion the process for victims to seek compensation. Eligible customers will be notified by email or mail about how to participate in the claims process, which officially begins on August 4, 2025. The settlement prioritizes larger payments to customers who can prove tangible damages directly linked to the data leaks, with maximum payouts of $5,000 for victims of the 2019 breach and $2,500 for those affected by the 2024 incident. These higher payouts require substantial documentation showing the damages were “fairly traceable” to the breaches.
“While AT&T has agreed to this settlement, the company maintains that it is not ‘responsible for these criminal acts’ that led to the exposure of customer data,” AT&T stated in court filings regarding the settlement.
For most affected customers who cannot document specific losses, compensation will be distributed from the remainder of the settlement fund after prioritized payments. This means the actual amount received by the average customer will likely be significantly less than the maximum payouts. The settlement agreement stipulates that all eligible victims will receive some compensation, even without proof of damages, though the exact amount will depend on how many people file claims and how much of the fund is allocated to those with documented losses.
Timeline and Claims Process
The timeline for receiving compensation stretches well into 2026. After the claims filing opens in August 2025, customers will have until November 18, 2025, to submit their documentation. The court has scheduled a final approval hearing for December 3, 2025, after which payments will begin to be distributed in early 2026. This lengthy process reflects the complexity of verifying claims and determining appropriate compensation levels for such a large group of affected individuals. While AT&T has claimed it took “reasonable” security measures, the settlement indicates a recognition of at least some level of responsibility for the massive data exposure.
The 2024 breach was particularly concerning as it involved a hack into AT&T’s third-party cloud storage provider, Snowflake. This incident exposed detailed call and text records, highlighting the vulnerabilities that exist even when companies outsource data storage. While the settlement provides some recourse for victims, it raises serious questions about corporate accountability in protecting consumer data and whether the financial penalties are sufficient to motivate better security practices among major telecommunications companies that handle vast amounts of sensitive personal information.