NEW YORK (AP) — AT&T has reached a combined $177 million settlement over two data breaches. And impacted consumers have a little over a month left to file a claim for their chunk of the money.
Several lawsuits emerged across the U.S. — and were later consolidated — after AT&T notified millions of customers that information ranging from Social Security numbers to call records were compromised in these breaches last year. Plaintiffs alleged that the telecommunications giant “repeatedly failed” to protect consumer data. While AT&T has continued to deny wrongdoing, it opted to settle earlier this year.
“We have agreed to this settlement to avoid the expense and uncertainty of protracted litigation,” AT&T said in a Thursday statement, adding that the company remains “committed to protecting our customers’ data and ensuring their continued trust in us.”
Eligible consumers have until Dec. 18 to file for a settlement payment — which will still need a judge’s final stamp of approval early next year. Here’s what you should know.
What data breaches does the AT&T settlement cover?
The settlement covers two different breaches. Both were disclosed in 2024 — but involve data belonging to millions of current and former AT&T customers dating as far back as 2019 or earlier.
AT&T disclosed the first of these breaches in March 2024, after the company said it found that customer information from 2019 or earlier had been released on the “dark web” weeks earlier. At the time, AT&T said the breach impacted roughly 7.6 million current and 65.4 million former account holders — with leaked data including some sensitive info like Social Security numbers and passcodes.
The other breach involved call and text records of nearly all AT&T customers from May through October of 2022, as well as a small subset from Jan. 2, 2023. AT&T said it learned that data was “illegally downloaded from our workspace on a third-party cloud platform” in April of last year — and began notifying customers in July 2024, after launching an investigation. The company maintained that the leaked records included information like phone numbers, but not content of the calls or texts, or other personally identifiable information.
Several lawsuits emerged over both of these data breaches — which were later consolidated. The settlement was reached earlier this year in U.S. District Court in Texas.
How much money could impacted customers get?
The settlement’s cash funds total $177 million to pay those impacted by both of these breaches — which divvies up to $149 million for the first “settlement class” and another $28 million for the second, per a preliminary approval order filed in June.
According to the settlement administrator’s website, consumers impacted by the first breach may be eligible to up to $5,000. And those affected by the second breach may be eligible for up to $2,500. It’s also possible to be an “overlap settlement class member,” which would mean you may be eligible for payments from both of these funds.
Final payment amounts will vary depending on losses documented from each person — as well as the total number of claims received and added costs like attorney fees. And the court still has to give the settlement its final stamp of approval, in a hearing currently scheduled for Jan. 15, 2026.
When is the deadline to file a claim?
In the meantime, consumers have a little over a month left to file a claim online or by mail. The deadline is Dec. 18.
To learn more, you can visit the website of the settlement administrator, Kroll Settlement Administration. Class members can also opt-out or make an objection before Nov. 17.
By WYATTE GRANTHAM-PHILIPS
AP Business Writer
