
AT&T will pay millions of Americans after exposing their most sensitive information in not one, but two massive data breaches affecting over 180 million customers.
Key Takeaways
- AT&T has agreed to a $177 million settlement for data breaches in 2019 and 2024, exposing sensitive personal information of millions of current and former customers.
- The 2019 breach affected 73 million customers, while the 2024 breach compromised call and text records of approximately 109 million Americans.
- Eligible customers can receive up to $5,000 for the 2019 breach and $2,500 for the 2024 breach, with higher payments prioritized for those who can prove direct damages.
- The claims process opens August 4, 2025, with a November 18, 2025 deadline and payments expected in early 2026.
- Even customers who cannot prove direct damages will receive some compensation from remaining funds after prioritized payouts.
Corporate Negligence Leads to Massive Data Exposure
AT&T customers’ most sensitive personal information – including Social Security numbers, names, dates of birth, and detailed call records – has been compromised in two separate major data breaches spanning 2019 and 2024. The telecommunications giant now faces a $177 million settlement after class action lawsuits alleged corporate neglect in protecting customer data. US District Judge Ada Brown gave preliminary approval to the settlement on June 20, 2025, paving the way for millions of affected customers to receive compensation for having their private information exposed to hackers and potentially sold on the dark web.
The first breach in 2019 exposed the data of 7.6 million current and 65.4 million former account holders – a staggering 73 million Americans whose personal identifiable information was compromised. The second breach, occurring earlier this year, involved a hacker accessing AT&T’s cloud storage provider, Snowflake, and stealing call and text records from 2022 for approximately 109 million US customers. This represents one of the largest corporate data breaches in American history, affecting a significant portion of the US population and highlighting the vulnerability of our critical telecommunications infrastructure.
The telecom giant will pay out $177 million in relation to two recent data breaches affecting current and former customers. https://t.co/9mZb4cKkZp
— CNET (@CNET) June 24, 2025
Compensation Structure Favors Proven Damages
The settlement structure prioritizes larger payments to customers who can demonstrate tangible damages directly linked to the data breaches. Maximum payouts are substantial – up to $5,000 for victims of the 2019 breach and $2,500 for those affected by the 2024 breach – but receiving these maximum amounts requires documented proof that damages were “fairly traceable” to the breaches. AT&T has acknowledged the breaches but deflected full responsibility, stating they were not “responsible for these criminal acts” while agreeing to the settlement to avoid prolonged litigation.
“AT&T has agreed to settle these lawsuits to avoid the uncertainties, expenses and time commitments of continued litigation. The settlement agreement does not find or suggest that AT&T was responsible for these criminal acts or that AT&T did not take reasonable steps to protect its customers’ information,” said AT&T spokesperson.
Eligible customers who cannot demonstrate specific damages will still receive compensation from the remaining settlement funds after prioritized payouts are distributed. This approach ensures all affected customers receive something, while appropriately compensating those who suffered direct financial harm, identity theft, or other measurable damages. The settlement serves as an important reminder that corporate giants are not above accountability when they fail to adequately protect their customers’ sensitive personal information from hackers – a growing concern in our increasingly digital society.
Timeline for Claims and Compensation
AT&T will notify eligible customers about their inclusion in the settlement via email or mail, but affected customers should be proactive about their claims. The formal claims process opens on August 4, 2025, giving victims approximately three months to file their claims before the November 18, 2025 deadline. The tight timeline reflects the need for administrative processing before the final approval hearing scheduled for December 3, 2025. Following court approval, payments are expected to begin distribution in early 2026, approximately seven years after the first breach occurred.
The settlement represents another costly consequence of inadequate data security practices by major corporations entrusted with Americans’ personal information. While $177 million might seem substantial, it amounts to just over $0.98 per affected customer if distributed equally across all 182 million victims. For a corporation that reported $120.7 billion in revenue for 2023, this settlement represents less than 0.15% of a single year’s income – raising serious questions about whether such penalties provide sufficient incentive for corporations to invest in proper security measures to protect customer data in the first place.