A federal judge approved a $177 million settlement after two major data breaches exposed AT&T customers’ private information and triggered widespread legal fallout.
At a Glance
- The settlement resolves class action lawsuits tied to two breaches affecting tens of millions of customers.
- One breach involved nearly all customers’ call and text logs stored on a cloud platform.
- Another breach leaked personal identifiers like Social Security numbers and birthdays.
- Affected users may claim up to $5,000 for verified losses or $2,500 otherwise.
- Notices go out in August 2025, with claims due by November 18, 2025.
Breach Details and Legal Fallout
In May 2024, hackers illegally accessed call and text records of approximately 109 million AT&T customers through a third-party cloud platform. The breach, along with a separate March 2024 incident that exposed Social Security numbers and birthdates of over 73 million users, triggered class action lawsuits in Texas and Montana. These details were confirmed in a Reuters investigation.
A U.S. District Judge in Dallas granted preliminary approval to the $177 million resolution on June 20, 2025. The settlement allocates $149 million for the call-data breach and $28 million for the personal data exposure, according to reporting from MySanAntonio. The breaches were further confirmed through KIRO 7’s coverage, which highlighted the unprecedented scale of customer data compromised.
Watch a report: AT&T Data Breach Settlement Explained
What Customers Need to Know
Settlement notices will be sent beginning August 4, 2025, with claims due by November 18, 2025, according to guidance from MySanAntonio. Users may opt out or object by October 17, 2025, as detailed by The U.S. Sun’s legal breakdown.
Eligible customers can receive up to $5,000 for documented financial harm or $2,500 if impacted by the call-log leak. Legal filings reviewed by Fox Business confirm that any remaining funds will be distributed across claimants, with named plaintiffs each receiving $1,500. Attorneys may collect up to one-third of the settlement.
Final court approval is anticipated by late 2025, with disbursements projected to begin in early 2026, based on the current timeline shared by MySanAntonio.
Broader Implications and Industry Impact
While AT&T denies direct fault, it said the agreement avoids extended litigation and mounting legal costs. The FCC has launched an investigation into the company’s data practices. Notably, AT&T previously paid $13 million in 2023 over another breach affecting nearly 9 million users—further amplifying concerns over systemic vulnerabilities.
The case underscores rising regulatory pressure on telecom and tech giants to fortify digital infrastructure. With tens of millions affected and over $177 million on the line, this settlement could serve as a legal template for future cybersecurity accountability.
Affected customers now face clear deadlines and structured relief pathways—an opportunity to hold one of the largest telecom providers financially accountable for repeated failures to protect their data.
