If you were an AT&T customer at any point between 2019 and 2024, you may soon receive a compensation check. The telecommunications giant has reached a settlement of $177 million to resolve two class action lawsuits stemming from significant data breaches.
On June 20, a court ruled that the parameters of the settlement were reasonable, allowing AT&T to proceed with payments. In total, $149 million is designated for customers impacted by a breach in 2024, while another $28 million will be allocated to those affected by an earlier incident in 2019 and prior. According to court documents, compensation will first be directed towards individuals who incurred direct losses due to the breaches, with any remaining funds distributed among customers whose personal data was compromised. AT&T has also initiated complimentary credit monitoring services for the affected individuals.
Overview of the AT&T Data Breaches
The first breach was detected in March 2024, when AT&T identified sensitive information of 7.6 million current users and 65.4 million former customers on the dark web. The company has not disclosed the method of acquisition but promptly reached out to affected customers to offer credit monitoring. The compromised records dated back to 2019 and earlier.
Subsequently, on April 19, 2024, AT&T reported yet another major breach to the SEC, where a malicious actor illegitimately accessed AT&T’s Snowflake environment. This breach led to the unauthorized downloading of call logs and text messages from a vast number of customers, covering interactions from May 1 to October 31, 2022, along with some from January 3, 2023. Notably, this incident raised extensive concerns regarding data security protocols within the company.
The implications of the 2024 breach continue to resonate, with reports indicating that businesses and individuals are still grappling with the repercussions well into 2025. Such significant data exposures not only threaten consumer trust but also highlight vulnerabilities in cybersecurity frameworks.
Eligibility for Compensation
For those potentially affected by the 2019 or 2024 data breaches, AT&T is expected to reach out directly in the upcoming months with detailed instructions. Between August and October of this year, the company will circulate class action settlement notifications to eligible customers. Should you not receive a notification by October 17, it is advisable to contact AT&T to ascertain your eligibility, recognizing that an online claim form is not currently available.
Timeline for Settlement Payments
While payments are slated for distribution after December 3, 2025, the exact schedule is yet to be finalized. The courts have laid out a timeline for AT&T to adhere to as it moves forward with the settlement process. This includes deadlines for delivering class lists to the settlement administrator and informing affected parties about their options regarding the settlement.
Topics
AT&T
Cybersecurity
This situation underscores the importance of robust cybersecurity measures in safeguarding sensitive customer data. Potential tactics that could have been leveraged in these breaches may include initial access through exploitation of vulnerabilities, persistence mechanisms to retain access, and privilege escalation to gain broader access within the network. As such incidents unfold, businesses must remain vigilant, learning from the failures of others to bolster their cyber defenses.
