A significant class action settlement of $177 million has emerged from a legal battle involving AT&T, one of the largest telecommunications companies in the United States. Customers who have been with AT&T may find themselves eligible to claim part of this settlement, although expecting a substantial payout may be unrealistic.
The settlement relates to data breaches that occurred in recent years, which compromised sensitive customer information including Social Security numbers and birth dates. The breaches posed a risk to personal data, as malicious actors on the dark web may have exploited this information. As cyber threats continue to evolve, the importance of protecting consumer data has never been clearer.
A judge in a Dallas federal district recently approved the settlement agreement on a preliminary basis. Customers who might qualify for the compensation are expected to receive notification via email or traditional mail during the summer months. AT&T, while admitting no wrongdoing, aims for final approval of the settlement by the year’s end, with payments anticipated to begin in early 2026.
As of now, a crucial approval hearing is set for December 3, 2025. In class action lawsuits, the amount of financial restitution awarded can depend heavily on the number of individuals who decide to file claims. Specifics about how customers can proceed with their claims remain forthcoming, and it should be noted that attorney fees may reduce the total value of the settlement.
In a statement shared with AARP, AT&T explained that their decision to settle was made to avoid extensive litigation costs, stressing their commitment to data security and maintaining customer trust despite the allegations against them. The company remains under scrutiny as this incident highlights the ongoing challenges in safeguarding sensitive data in today’s digital landscape.
The breaches in question stemmed from two significant cyberattacks against third-party cloud storage providers. In one instance, AT&T disclosed that a massive amount of phone and text record data was compromised, affecting nearly all of their cellular customers over a six-month span in 2022. The exposed data included interactions with other numbers, which were revealed through records gathered from May through October 2022, and additional information accessed in early January 2023.
In an earlier incident traced back to 2019, an estimated 7.6 million current AT&T account holders and 65.4 million former customers had their data affected. According to industry data, nearly 19% of AT&T’s current subscribers are over the age of 60, underscoring the demographic that may be particularly vulnerable in such cyber incidents.
The scale of the AT&T settlement, while significant, still falls short of the $725 million committed by Meta (formerly Facebook) to settle a class action lawsuit regarding user privacy, which highlights the continuing challenge companies face in mitigating cyber risks and protecting user data. Understanding these incidents through the lens of the MITRE ATT&CK framework indicates that tactics like initial access and persistence may have been relevant in executing these attacks, signifying the evolving nature of cyber threat landscapes and the necessity for robust security practices.
