The final deadline, December 18, is approaching for US customers of AT&T to claim compensation in a significant data breach settlement. This settlement, amounting to $177 million, arises from allegations that AT&T failed to safeguard customer data during two separate incidents.
Customers may be eligible for compensation of up to $7,500 per affected account. The breaches, which impacted millions of individuals, have raised significant concerns regarding data security practices at the telecommunications giant. The first breach, occurring in 2019, involved exposure of sensitive data, including Social Security numbers and birthdates, but was not revealed until March 2024, allowing this information to circulate on the dark web.
The scale of the breach is staggering, affecting approximately 7.6 million current AT&T customers and 65.4 million former account holders. The timeline of the attacks raises questions about the efficacy of AT&T’s cybersecurity protocols, particularly as they relate to the initial access and persistence of the attackers, two critical tactics outlined in the MITRE ATT&CK framework.
The second data leak, reported to have taken place in April 2024 and disclosed in July, involved hackers unlawfully downloading customer phone records from 2022. Following numerous lawsuits stemming from these incidents, all parties reached a settlement agreement in March 2025, despite AT&T’s denial of any wrongdoing. This concession suggests a tactical decision to avoid the burdens of protracted litigation.
AT&T has publicly stated, “While we deny the allegations in these lawsuits that we were responsible for these criminal acts, we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation.” This response highlights the ongoing risk that enterprises face from cybercriminal activity: breaches not only damage reputations but also result in substantial financial impacts.
For affected customers, the process to file a claim is outlined on the Kroll Settlement Administration website. Here, customers must enter their Class Member ID, typically provided through a notification email from Kroll. AT&T customers uncertain of their eligibility can contact 833-890-4930 for verification. Claimants are encouraged to substantiate their claims with documented evidence of any losses incurred.
Compensation eligibility varies: those impacted by the 2019 breach could receive up to $5,000 if they can demonstrate documented losses. For those unable to provide such evidence, different tiers of payment exist, categorized based on whether their Social Security number was compromised. Notably, Tier 1 payments are reportedly five times higher than Tier 2 payments.
Individuals affected by the July 2024 breach can claim compensation up to $2,500, contingent upon proving financial loss, while others may receive a pro rata share of the remaining settlement fund after administrative costs are deducted. Overall, both breaches exemplify the pressing need for robust cybersecurity measures, particularly as attackers increasingly employ techniques for privilege escalation and lateral movement, as defined by the MITRE ATT&CK Matrix.
The substantial amount earmarked for settlement illustrates the financial risk that organizations face from data breaches and the need for businesses to prioritize cybersecurity strategies that mitigate potential vulnerabilities. As the deadline looms, AT&T customers are urged to act promptly to secure their rightful compensation.