Significant Data Breaches Impact AT&T Customers: $177 Million Settlement Proposed
AT&T has confirmed that sensitive information belonging to its current and former customers was compromised in two major data breaches, one occurring in 2019 and another in 2024. In light of these incidents, the telecommunications giant has opted to address the fallout through a proposed settlement that could amount to $177 million for impacted individuals. US District Judge Ada Brown has granted preliminary approval for this settlement, which serves to resolve two lawsuits stemming from the breaches.
The first breach, which began in 2019, exposed the data of approximately 73 million customers, including names, Social Security numbers, and birth dates. Investigations into this breach were initiated following reports that customer information was circulating on the dark web. The second breach, disclosed in 2024, involved an intrusion into AT&T’s cloud storage provider, Snowflake. Hackers accessed call and text records from 2022, impacting nearly 109 million U.S. customers. AT&T emphasized that no identifiable information was linked to the stolen data and reported that two suspects have been arrested in connection with the attack.
Following these breaches, AT&T is facing several class-action lawsuits that allege negligence in protecting customer data. The proposed settlement aims to prioritize compensation for individuals who can demonstrate tangible damages directly linked to the data compromises. Those with documented proof of damages may receive payouts as high as $5,000 for the 2019 breach and up to $2,500 for the 2024 incident. Unsettled claims will be disbursed from any residual funds after those with documented claims have been compensated.
AT&T customers who may be eligible for compensation are encouraged to remain vigilant for notifications, which may arrive via email or physical mail in the upcoming months. The claims process is expected to commence on August 4, 2025, with a final deadline for submission set for November 18, 2025. Payments are anticipated to begin in early 2026, although a final approval hearing for the settlement is scheduled for December 3, 2025.
These breaches are emblematic of the growing cybersecurity challenges faced by major corporations. The initial access tactics employed in these attacks may have utilized vulnerabilities in software or systems, as outlined in the MITRE ATT&CK framework. Techniques such as phishing or exploiting software vulnerabilities could have facilitated unauthorized access. Furthermore, persistence tactics may have allowed attackers to maintain access to AT&T systems, while privilege escalation methods may have been employed to gain administrator-level permissions, thereby broadening the scope of the breach.
In light of these incidents, it is imperative for businesses to adopt robust cybersecurity practices to safeguard customer information. Enhanced security audits, employee training programs on recognizing phishing attempts, and continuous monitoring of system vulnerabilities can significantly mitigate the risk of similar occurrences. As AT&T navigates the complexities of this settlement and the associated claims process, it serves as a cautionary tale for other organizations to prioritize data security and remaining vigilant against evolving cyber threats.
