In one of the largest telecommunications data breach settlements in recent history, AT&T has agreed to pay $177 million to resolve class action lawsuits stemming from two major security incidents that compromised the personal information of millions of current and former customers. The settlement, which preliminarily received court approval in August, represents a significant resolution to legal challenges that emerged from breaches occurring in 2019 and 2024.
The telecommunications giant opted for the substantial payout rather than proceeding to trial, with the settlement administration being handled by Kroll, a prominent risk and financial advisory firm. According to the settlement terms, eligible class members could potentially receive compensation of up to $7,500 depending on their specific circumstances and the documentation they can provide.
Understanding the Two-Tier Settlement Structure
The $177 million settlement is divided into two distinct categories corresponding to the separate data breaches. The AT&T 1 Settlement Class addresses the 2019 breach and is allocated $149 million of the total settlement amount, while the AT&T 2 Settlement Class covers the 2024 breach with $28 million designated for affected customers.
What makes this settlement particularly noteworthy is the delayed disclosure timeline. The 2019 breach, which impacted approximately 73 million customers, wasn’t publicly acknowledged by AT&T until 2024—coinciding with the discovery that the stolen data was being sold on the dark web. This breach exposed highly sensitive information including Social Security numbers, legal names, and birth dates, forcing AT&T to reset passcodes for millions of customer accounts.
The Scope of Compromised Data
The 2024 breach involved a different attack vector, with hackers infiltrating AT&T’s cloud-based data warehouse hosted on Snowflake. This incident affected an even larger pool of approximately 109 million customers and exposed extensive call metadata including:
- Mobile and landline phone numbers
- Call and text records transmitted across AT&T’s network
- Aggregate call duration information
- Cell site identification numbers
Security experts note that this type of metadata, while seemingly less sensitive than Social Security numbers, can be sufficient to determine customer identities and track behavioral patterns—information that becomes particularly valuable when combined with other security vulnerabilities in the digital ecosystem.
Claim Process and Documentation Requirements
Kroll Settlement Administration has begun notifying potentially eligible class members via email, though recipients are advised to monitor spam folders as well. Those who believe they qualify but haven’t received communication can proactively reach out to the settlement administrator.
The claim process requires a Class Member ID, which Kroll provides through its initial communications. Claims can be submitted either through the dedicated settlement website or via traditional mail, with a strict deadline of December 18, 2025, for all submissions.
The compensation structure varies significantly between the two breach categories:
- 2019 Breach Claims: Require documented proof of financial loss directly resulting from the breach, with eligible claimants receiving up to $5,000
- 2024 Breach Claims: Qualify for up to $2,500 without the same stringent documentation requirements
Customers affected by both breaches may file separate claims for each incident but must provide appropriate documentation for each. Those unable to prove direct financial losses but who still qualify will receive a pro rata share of the remaining settlement funds after documented claims are paid.
Broader Industry Implications
This settlement arrives amid increased industry focus on data security and privacy protections, particularly as companies handle increasingly sensitive customer information. The AT&T case highlights the growing legal and financial consequences for corporations that fail to adequately protect consumer data or promptly disclose breaches.
The resolution also underscores the importance of robust security measures for cloud-based data storage systems, especially as businesses continue migrating critical infrastructure to cloud platforms. The 2024 breach specifically targeted AT&T’s Snowflake data warehouse, demonstrating that even sophisticated cloud implementations require comprehensive security protocols.
Notably, the settlement agreement explicitly states that AT&T settled “without any admission of liability or wrongdoing,” a common provision in class action resolutions that allows companies to resolve litigation while avoiding formal admissions that could affect other legal proceedings.
For the millions of affected AT&T customers, the settlement represents an opportunity to receive compensation for the exposure of their personal information. However, the varying documentation requirements and compensation tiers mean that claimants should carefully review which breach categories apply to their situation and gather appropriate evidence before submitting their claims.
Based on reporting by {‘uri’: ‘tomsguide.com’, ‘dataType’: ‘news’, ‘title’: “Tom’s Guide”, ‘description’: “Think of us as your geeky friend who’s always on call. From smartphones to cord-cutting to video games, we’ve got your tech needs covered. Part of @FuturePLC”, ‘location’: {‘type’: ‘place’, ‘geoNamesId’: ‘5128581’, ‘label’: {‘eng’: ‘New York City’}, ‘population’: 8175133, ‘lat’: 40.71427, ‘long’: -74.00597, ‘country’: {‘type’: ‘country’, ‘geoNamesId’: ‘6252001’, ‘label’: {‘eng’: ‘United States’}, ‘population’: 310232863, ‘lat’: 39.76, ‘long’: -98.5, ‘area’: 9629091, ‘continent’: ‘Noth America’}}, ‘locationValidated’: False, ‘ranking’: {‘importanceRank’: 167019, ‘alexaGlobalRank’: 1518, ‘alexaCountryRank’: 630}}. This article aggregates information from publicly available sources. All trademarks and copyrights belong to their respective owners.
