AT&T has reached a historic $177 million settlement to resolve a consolidated class action lawsuit stemming from two major data breaches affecting millions of customers, marking one of the largest telecommunications data breach resolutions in recent history. The telecommunications giant agreed to the substantial payout to avoid proceeding to trial, with a Texas judge granting preliminary approval to the settlement terms in August.
The resolution addresses security failures across multiple years, with affected customers potentially eligible for compensation up to $7,500 depending on their circumstances and which breaches impacted them. As detailed in industry coverage of corporate data settlements, this case highlights growing concerns about data protection in the telecommunications sector.
Breach Timeline and Impact
The lawsuit consolidated claims from two separate incidents that exposed sensitive customer information. The first breach occurred in 2019 but wasn’t publicly disclosed by AT&T until 2024, when data from that incident appeared for sale on dark web marketplaces. This breach compromised the personal information of approximately 73 million current and former customers, including highly sensitive data such as Social Security numbers, full legal names, and birth dates.
The severity of the 2019 breach forced AT&T to reset passcodes for millions of customer accounts earlier this year. Meanwhile, the 2024 breach involved unauthorized access to AT&T’s cloud-based data warehouse through Snowflake, affecting roughly 109 million customers. This incident exposed extensive call and text metadata that could potentially reveal customer identities through analysis of communication patterns.
Settlement Structure and Compensation Tiers
The $177 million settlement is divided between two distinct claimant groups corresponding to the separate breaches. The AT&T 1 Settlement Class, covering victims of the 2019 breach, will share in $149 million of the total settlement fund. The AT&T 2 Settlement Class, representing those affected by the 2024 breach, is eligible for the remaining $28 million.
Compensation amounts vary significantly between the two tiers based on the type of data exposed and resulting damages. Customers affected by the 2019 breach who can document financial losses directly resulting from the incident may qualify for up to $5,000. Those impacted by the 2024 breach can claim up to $2,500 for documented losses. Claimants affected by both breaches may potentially qualify for compensation from both settlement funds, though they must provide separate documentation for each incident.
Claim Process and Documentation Requirements
Kroll Settlement Administration, the firm overseeing the claims process, has established a dedicated settlement website and will notify eligible class members via email. Potential claimants should monitor their email inboxes, including spam folders, for official communication containing their Class Member ID, which is required to file a claim.
The claims process requires different levels of documentation depending on the breach involved. For the 2019 breach, claimants must provide evidence of financial losses directly attributable to the data exposure. The 2024 breach claims similarly require documentation of monetary damages. Those unable to prove specific financial losses but who still qualify as class members will receive a pro rata share of any remaining settlement funds after documented claims are paid.
This settlement emerges amid broader industry movements toward enhanced security frameworks across technology sectors, highlighting the critical importance of robust data protection measures.
Filing Options and Deadline
Claimants have multiple options for submitting their compensation requests. The primary method involves filing through the official Kroll settlement website using the provided Class Member ID. Alternatively, claimants can print physical claim forms and mail them to the designated settlement administrator address.
The deadline for all claim submissions is December 18, 2025, providing affected customers approximately one year to gather necessary documentation and file their claims. All mailed claims must be postmarked by this deadline to be considered valid.
Broader Industry Implications
This substantial settlement occurs as technology companies face increasing scrutiny over data handling practices. The case demonstrates the significant financial consequences companies may face when customer data is compromised, particularly when disclosure is delayed. As technology companies expand into new product categories, the AT&T settlement serves as a reminder that data security must remain a paramount concern.
The resolution also aligns with broader corporate initiatives toward infrastructure security and reliability across multiple industries, emphasizing that data protection requires comprehensive security strategies at every level of operation.
AT&T’s settlement agreement explicitly states that the resolution occurs “without any admission of liability or wrongdoing,” a common feature in class action settlements that allows companies to resolve litigation while avoiding formal findings of fault. Nevertheless, the substantial financial commitment underscores the serious nature of the data exposures and their impact on customer privacy and security.
Based on reporting by {‘uri’: ‘tomsguide.com’, ‘dataType’: ‘news’, ‘title’: “Tom’s Guide”, ‘description’: “Think of us as your geeky friend who’s always on call. From smartphones to cord-cutting to video games, we’ve got your tech needs covered. Part of @FuturePLC”, ‘location’: {‘type’: ‘place’, ‘geoNamesId’: ‘5128581’, ‘label’: {‘eng’: ‘New York City’}, ‘population’: 8175133, ‘lat’: 40.71427, ‘long’: -74.00597, ‘country’: {‘type’: ‘country’, ‘geoNamesId’: ‘6252001’, ‘label’: {‘eng’: ‘United States’}, ‘population’: 310232863, ‘lat’: 39.76, ‘long’: -98.5, ‘area’: 9629091, ‘continent’: ‘Noth America’}}, ‘locationValidated’: False, ‘ranking’: {‘importanceRank’: 167019, ‘alexaGlobalRank’: 1518, ‘alexaCountryRank’: 630}}. This article aggregates information from publicly available sources. All trademarks and copyrights belong to their respective owners.
