AT&T customers affected by two data security incidents can file claims from a $177 million settlement fund.
While the maximum payout is $7,500 for those with documented losses from both incidents, actual amounts will vary based on claim documentation and the total number of claimants. Compensation is available to affected customers who submit claims before the November deadline.
Here’s what you need to know about the settlement:
Is there a class action lawsuit against AT&T?
Yes, AT&T faces a class action lawsuit over two separate data breaches in 2024.
The first breach happened on March 30, 2024, when customer information — including addresses, Social Security numbers, birthdates, passcodes, billing details, and phone numbers — appeared on the dark web, according to the Kroll Settlement Administration. In March 2024, it was revealed that customer data from 2019 and earlier, affecting 73 million current and former AT&T customers, was found on the dark web, after initially denying the data’s source.
A second breach occurred on July 12, 2024. Between April 14 and April 25, 2024, hackers broke into AT&T’s third-party cloud storage provider, Snowflake, and stole call and text records. The breach exposed data from nearly all customers covering May 1 to October 31, 2022, as well as some records from January 2, 2023.
AT&T announced the breach on July 12, 2024, after delays from the Justice Department for national security reasons.
The class action lawsuit addresses both incidents.
Settlement Structure
A settlement has allocated $149 million for the 2019 data incident and $28 million for the 2022 call records breach.
Affected customers can claim up to $5,000 for the 2019 incident and up to $2,500 for the 2022 breach, with those impacted by both eligible to file claims in each category.
The Ransom Payment Controversy
In May 2024, AT&T reportedly paid approximately $370,000 in Bitcoin to a ShinyHunters hacker to delete stolen call records. The hacker initially demanded $1 million but accepted the lower amount.
While sources confirmed the payment, AT&T has not officially acknowledged it.
CEO Acknowledges Disappointment
During AT&T’s second-quarter earnings call, CEO John Stankey acknowledged criticism regarding the company’s performance and expressed disappointment in having to address these challenges.
He cited geopolitical dynamics as a key factor putting pressure on the company’s operations.
Congressional Security Concerns
Rep. Abigail Spanberger (D-VA) wrote to CEO Stankey expressing serious concerns about the national security risks of a recent data breach.
She noted that adversarial governments, like the Russian Kremlin and the Chinese Communist Party, could exploit the stolen information to trace phone numbers, revealing contacts and sensitive communication networks.
Legal Timeline
A number of lawsuits related to both breaches have been combined in the U.S. District Court for the Northern District of Texas. On June 20, 2025, Judge Ada E. Brown granted preliminary approval for a settlement.
The final approval hearing is set for December 3, 2025, at 9:00 a.m. CT.
Who is eligible for the AT&T settlement?
Customers impacted by both data breaches can file a claim in the settlement.
You can find out if you’re eligible by checking this website for customers who were involved.”Submit claim” and you will be prompted to include a class member ID, email address, AT&T account number or full name. That will reveal your eligibility, and you will then be required to provide additional documentation to submit a claim.
If you didn’t receive a confirmation code and notice ID, contact the Kroll Settlement Administration at 833-890-4930 for assistance.
Claims Process
Eligible customers will receive an email from “[email protected]” with their class member ID for filing claims.
Claims can be submitted online at telecomdatasettlement.com or by mail and must be completed by November 18, 2025. Failure to meet this deadline will result in forfeiture of all compensation rights.
When is the deadline to file a claim in the AT&T settlement?
You have two more months to file a claim — the deadline is Tuesday, Nov. 18, 2025. The claim can also be filed online, or be mailed and received or postmarked by the deadline date.
Documentation Requirements
To receive significant compensation, claimants must provide “reasonable documentation” of losses linked to the breaches, such as receipts for identity monitoring, fraud remediation costs, or evidence of identity theft.
Those without such documentation will likely receive smaller, pro-rata shares of the remaining settlement funds.
What payout amount could you get from the AT&T settlement?
You may receive up to $7,500 if you were affected by both breaches.
- Those impacted by the March 2024 breach can claim up to $5,000 through the documented loss cash payment option by submitting supporting materials.
- The July 2024 breach allows claims of up to $2,500.
Here’s the full breakdown of the cash payout (as listed on the website):
Here’s a full breakdown of the cash payout (according to the website):
- Tier 1 Cash Payment (March breach): Members who had their Social Security Number included in the March incident, are eligible to make a claim for a Tier 1 Cash Payment. Tier 1 Cash Payments are five times the amount of a Tier 2 Cash Payment.
- Tier 2 Cash Payment (March breach) – Members who had their Data Elements included in the March incident, but not their SSN, are eligible to make a claim for a Tier 2 Cash Payment.
- Tier 3 Cash Payment (July breach) – As an alternative to a Documented Loss Cash Payment, account owners may submit a Claim for a Tier 3 Cash Payment. A Tier 3 Cash Payment is a pro rata share of the July incident cash (the funds left after payment of Settlement Administration Costs, Attorneys’ Fees, Costs, and Service Awards). The Amount of the Net Settlement available for Settlement Class Member distribution is unknown at this time and will be based upon the amount of the Settlement Administration Costs, the amount of attorneys’ fees, costs, and Service Awards, and the number of Valid Claims received from Settlement Class Members.
Escalating FCC Penalties
The settlement follows growing regulatory scrutiny. In September 2024, the FCC fined AT&T $13 million over a separate 2023 vendor data breach that exposed the information of 8.9 million customers.
“The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches,”
— FCC Chairwoman Jessica Rosenworcel
Consumer Trust Decline
Leave a Comment