AT&T has agreed to a $177 million settlement in response to two significant data breaches that compromised the personal information of customers, as reported by CNET.
The settlement will provide compensation to both current and former customers affected by at least one of the breaches. Notably, individuals who can substantiate claims of damages due to the unauthorized access may qualify for higher payouts.
Eligible customers can expect to receive notifications via email or postal mail over the coming months. The initiation of the claims process is projected to begin on August 4, 2025, according to CNET.
Overview of the Data Breaches
CNET highlighted that the first breach occurred in 2019, wherein AT&T disclosed that approximately 7.6 million active and 65.4 million former customers had their data compromised by hackers. This included sensitive information such as social security numbers, names, and dates of birth.
The investigation into the breach was initiated in 2024 after customer information was reported to be circulating on the dark web.
The second breach transpired in April 2024, when a cybercriminal infiltrated AT&T’s cloud storage provider, Snowflake, accessing call and messaging records for nearly all of its U.S. customers, totaling around 109 million individuals.
AT&T confirmed that the stolen data lacked identifiable information, as names were not associated with the compromised records. Two suspects have since been apprehended in relation to this breach, per CNET.
Both incidents have resulted in multiple class action lawsuits being filed against the company, as reported by CNET.
Claiming Compensation
On June 20, U.S. District Judge Ada Brown granted preliminary approval for AT&T’s settlement proposal concerning the two data breaches, with the aim of compensating those affected, according to Reuters.
To qualify for the maximum possible compensation, claimants will need to demonstrate reasonable evidence of damages resulting from the breaches, as per CNET.
For those affected by the 2019 breach, damages may reach up to $5,000. In contrast, individuals impacted by the 2024 breach can claim as much as $2,500.
Currently, the deadline to file a claim is set for November 18. Final settlement approval is pending a court hearing scheduled for December 3, following which payments are expected to commence, CNET disclosed.
Any remaining funds from the $177 million settlement will be allocated to individuals whose data was compromised, irrespective of their ability to provide proof of damages. AT&T anticipates that disbursements will commence in early 2026, with a notification schedule outlined from August 4 to October 17, 2025, as noted in the recent court order.
The breaches, exemplifying persistent cybersecurity vulnerabilities, underscore critical concerns for businesses that handle sensitive customer data, highlighting the necessity of robust data protection measures. As outlined in the MITRE ATT&CK framework, adversary tactics such as initial access, data exfiltration, and persistence techniques may have contributed to these incidents. Business owners must prioritize the implementation of advanced cybersecurity protocols to safeguard against similar breaches.
If you purchase a product or register for an account through a link on our site, we may receive compensation. By using this site, you consent to our User Agreement and agree that your interactions and personal information may be collected and stored by us and third-party partners in accordance with our Privacy Policy.
