AT&T Settles Data Breach Lawsuits for US$177 Million

AT&T has reached a settlement of US$177 million to resolve class-action lawsuits stemming from two data security incidents that occurred in 2019 and 2024. This agreement, which US District Judge Ada Brown granted preliminary approval for, aims to mitigate the impacts of data exposures that affected millions of current and former customers. The monetary resolution is divided into US$149 million for the 2019 incident and US$28 million for the 2024 event.

“While we deny the allegations in these lawsuits that we were responsible for these criminal acts, we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation," says AT&T according to The Hill, the organization that conducted the original investigation.

The first breach, which began in 2019 and was later confirmed by AT&T, resulted in the exposure of personal information for about 7.6 million current account holders and 65.4 million former account holders. This data, which included names, Social Security numbers, dates of birth, and passcodes, was identified on the dark web. Hackread.com previously reported on AT&T’s eventual confirmation of this breach, which affected roughly 73 million users, after initial speculation.

The second incident, confirmed in July of last year and beginning in April 2024, involved unauthorized access to call and text records from 2022 for nearly all of AT&T’s 109 million US customers. This access occurred through AT&T’s cloud storage provider, Snowflake. AT&T clarified that no names were linked to these stolen call records, and two individuals have been arrested in connection with this breach.

In this context, the US$177 million settlement establishes a compensation mechanism for affected customers. Current or former AT&T customers whose data was exposed in either breach may be eligible for a payout, with higher payments going to those who can show clear proof of losses directly caused by the data leaks.

Individuals impacted by the 2019 data breach, who can provide documented evidence of losses, may qualify for a maximum payment of US$5,000. For the 2024 Snowflake breach, the maximum payout for affected individuals is US$2,500. Following these initial, prioritized disbursements, any remaining portion of the US$177 million settlement fund will be distributed among other eligible customers, even if they do not have specific proof of direct harm.

Eligibility notifications are scheduled for delivery via email or mail between Aug. 4 and Oct. 17, 2025. A concluding court hearing regarding the settlement's approval is set for Dec. 3, 2025. Pending this approval, AT&T expects to begin issuing payments to customers in early 2026, reports Hack Read.