Millions of AT&T customers can now file claims for cash payments as part of a $177 million settlement stemming from two data breaches announced in 2024. The agreement, which addresses incidents affecting personal information and call records, includes a $149 million fund for the first breach and $28 million for the second. Eligible individuals must submit claims by Nov. 18, 2025, with a final court approval hearing set for Dec. 3, 2025, in the U.S. District Court for the Northern District of Texas.
Current and former AT&T customers whose data was compromised in either breach—or both—qualify for the AT&T data breach settlement benefits. For the March 2024 incident, which involved a data leak discovered on the dark web affecting information up to 2019, claimants can seek up to $5,000 with documentation of losses traceable to the event occurring in 2019 or later. The July 2024 breach, attributed to an illegal download from a third-party cloud platform, allows claims up to $2,500 for losses on or after April 14, 2024, also requiring proof. Those impacted by both could receive up to $7,500, provided documentation for each is distinct and unique.
Without documentation, customers can opt for tiered cash payments from the remaining funds after administrative costs and fees. In the AT&T data breach settlement for the first incident, those whose Social Security numbers were exposed receive five times the amount of others with different data elements compromised. For the second breach, eligible claimants share equally in the net fund. However, the exact per-person amounts remain uncertain, depending on the number of valid claims filed and total deductions, as stated on the official settlement website.
Kroll Settlement Administration is notifying affected customers via email, directing them to the settlement portal for claim forms. Submissions can be completed online or mailed to AT&T Data Incident Settlement, c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324, with mailed forms postmarked by Nov. 18, 2025. The process requires providing account details or other identifiers to verify eligibility. Those wishing to exclude themselves or object must do so by Oct. 17, 2025, via mail to the same address. Payments will only distribute after court approval and any appeals are resolved, a process that could extend beyond the Dec. 3, 2025, hearing.
The first breach, announced March 30, 2024, stemmed from a leak investigated two weeks earlier, exposing Social Security numbers, names, addresses, phone numbers, email addresses, dates of birth, account passcodes and billing account numbers for about 7.6 million current and 65.4 million former customers, totaling 73 million records. Data dated back to 2019 or earlier and appeared on the dark web, prompting multiple class-action lawsuits consolidated in June 2024 in federal court in Texas. The second incident, revealed July 12, 2024, involved records illegally downloaded from a Snowflake-hosted cloud workspace, affecting telephone numbers, interaction counts, aggregate call durations and cell site IDs for nearly all AT&T cellular customers—around 109 million records—from May 1 to Oct. 31, 2022, plus customers of other providers using AT&T’s network. Lawsuits for this breach were consolidated in October 2024 in Montana federal court before being combined with the earlier cases.
Parties reached the AT&T data breach settlement in March 2025, filing a consolidated complaint May 30, 2025, without AT&T admitting liability. In a statement, AT&T said it denies allegations from the lawsuits that it was responsible “for these criminal acts” from the data breach, but “agreed to this settlement to avoid the expense and uncertainty of protracted litigation.” The company added, “We remain committed to protecting our customers’ data and ensuring their continued trust in us.” An AT&T spokesperson told CNN in 2024 that the March breach had “no connection in any way” to the July announcement. AT&T expects court approval by year’s end.
The breaches heightened national concerns over identity theft, as exposed Social Security numbers and call logs could lead to fraud, prompting federal officials to advise credit monitoring. The Federal Trade Commission has urged affected consumers to freeze credit reports and monitor accounts, aligning with recommendations from cybersecurity experts. Nationwide, wireless subscribers exceed 500 million, with AT&T holding a significant share, making the incidents among the largest telecom data exposures in recent years.
Cybersecurity experts note these breaches reflect broader vulnerabilities in telecom data storage, with third-party platforms like Snowflake implicated in multiple 2024 incidents affecting over 165 organizations. The AT&T data breach settlement follows a pattern of large payouts in similar cases, such as T-Mobile’s $350 million agreement in 2022 for a breach impacting 76 million users. For claimants, providing bank statements, police reports or credit monitoring bills as documentation strengthens higher-value claims, while tiered options suit those without losses.
Customers should check emails from Kroll for notices. National consumer protection groups have fielded inquiries on the AT&T data breach settlement, emphasizing verification to avoid scams mimicking official communications. As claims processing begins post-approval, distributions could occur in 2026, depending on appeals.
The settlement underscores ongoing risks in data handling, with AT&T implementing enhanced security measures post-incidents, including multi-factor authentication resets for affected accounts in 2024. For full details, visit the settlement website.
The incidents have spurred discussions on federal regulations for data protection in the telecom sector, with lawmakers proposing bills to mandate quicker breach notifications and stricter third-party vendor oversight. In 2024, the Federal Communications Commission fined AT&T $57 million for a separate data-sharing violation, highlighting increased scrutiny on the industry. Consumer advocates argue that settlements like this, while providing relief, do not fully address systemic issues, as average payouts often fall below maximums due to high claim volumes.
Experts recommend proactive steps for all consumers, such as using password managers, enabling two-factor authentication and regularly reviewing credit reports through AnnualCreditReport.com. The breaches also exposed gaps in cloud security, with Snowflake’s involvement leading to industry-wide reviews of access controls and encryption practices. As digital reliance grows, incidents like these emphasize the need for robust cybersecurity frameworks to protect sensitive information.
