In 2025, AT&T agreed to a proposed $177 million settlement to resolve multiple class-action lawsuits stemming from major data breaches that exposed the personal information of millions of current and former customers. This comprehensive guide explains the background of the breaches, the legal claims involved, settlement details, eligibility criteria, compensation amounts, and what affected consumers should do next.
AT&T Data Breach Lawsuit: Background and Breach Details
What Happened?
AT&T disclosed two significant data breaches that occurred between 2019 and 2024, affecting tens of millions of people. The first breach, which began as early as 2019, exposed sensitive information including names, Social Security numbers, dates of birth, and account passcodes for about 7.6 million current and 65.4 million former AT&T customers. Customer data appeared on the dark web and other online platforms, raising concerns about identity theft and fraud.
The second breach was revealed in 2024, involving a cyberattack on AT&T’s cloud storage provider Snowflake. Hackers accessed call and text metadata—not content—covering nearly all of AT&T’s U.S. cellular customers (approximately 109 million people) for parts of 2022 and early 2023. Although no names were linked to this metadata, the incident still presented significant privacy risks, and arrests were made related to the breach.
Legal Claims and Allegations
- Class-action lawsuits alleged AT&T failed to adequately protect customer data and delayed disclosure of the breaches, breaching consumer trust and violating data protection laws.
- Plaintiffs argued AT&T’s security lapses exposed customers to risks of identity theft, financial loss, and privacy violations.
- Lawsuits sought compensation for damages suffered due to the breaches, as well as stronger security and monitoring measures from AT&T.
Settlement Details and Compensation
The $177 Million Settlement Fund
In 2025, a federal judge gave preliminary approval to a $177 million settlement resolving the class actions related to both data breaches. The settlement fund will be used to compensate claimants and cover legal fees, administration costs, and incentive awards to class representatives.
Who Is Eligible to File a Claim?
- Current or former AT&T customers whose personal information was compromised in either data breach between 2019 and 2024.
- Customers who can document damages or losses attributable to the breaches will be prioritized for larger payouts.
- Even individuals without proven damages may receive some compensation after higher priority claims are paid.
Compensation Amounts and Structure
- Claimants affected by the 2019 breach may receive up to $5,000 in compensation, but must provide proof of losses (financial or time-based).
- Those affected by the 2024 Snowflake metadata breach can receive up to $2,500.
- The total amount each individual receives depends on how many claims are filed and how many high-priority claims are approved before funds run out.
Claim Process and Deadlines
- Eligible claimants will receive notifications by mail, email, or through their AT&T accounts starting August 4, 2025, through October 17, 2025.
- The deadline to submit claims is November 18, 2025.
- Payments are expected to begin in early 2026 after final court approval, scheduled for December 3, 2025.
Impact and Broader Implications
For Consumers
- The settlement offers a way for millions of consumers to receive monetary relief for privacy violations and potential damages without prolonged litigation.
- The lawsuit highlights the risks and consequences of data breaches in large telecommunications companies, emphasizing the importance of cybersecurity.
- Awareness of data protection and monitoring services is expected to increase as customers respond to breach notifications and claims.
For AT&T and Industry Practices
- The case underscores increasing legal and regulatory pressures on telecom providers to safeguard sensitive customer data.
- It may lead to strengthened security protocols, faster breach disclosures, and improved transparency in how companies handle data incidents.
- The settlement’s denial of responsibility by AT&T highlights the common practice of settling large class actions without admissions of fault while providing consumer benefits.
Frequently Asked Questions About the AT&T Data Breach Lawsuit
What data was exposed in the AT&T breaches?
Personal customer information including names, Social Security numbers, dates of birth, account passcodes (from the 2019 breach), and detailed call and text metadata (from the 2024 breach) were exposed.
Am I eligible for compensation?
If you were a current or former AT&T customer whose data was compromised in either breach, you are likely eligible to file a claim and receive compensation.
How do I file a claim?
Eligible individuals will receive notice by mail, email, or AT&T account message. After notification, claims can be submitted through the settlement website or a designated claims portal by November 18, 2025.
When will claimants get paid?
Payments are expected to begin in early 2026 after final court approval and processing of claims.
Did AT&T admit fault?
No. While AT&T agreed to the settlement to avoid prolonged litigation, the company denies responsibility for the breaches.
Conclusion
The AT&T data breach lawsuit represents one of the largest settlements addressing massive exposures of personal information involving telecommunications customers. For millions affected, it offers a chance at compensation and a spotlight on the critical need for robust cybersecurity in protecting consumer data in an era of increasing digital threats. Consumers and companies alike are reminded of the real-world consequences of data breaches, while legal and regulatory frameworks continue to evolve to address these modern challenges.
