AT&T $177 Million Settlement Over 2024 Data Breaches Exposing Customer Information
Deadline
Deadline: December 18, 2025
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
All claimants must provide their Class Member ID. Online claimants must also authenticate using one of the following: email address, AT&T account number, or full name as shown on the notice. To request reimbursement for documented losses, claimants must submit non-self-prepared documents (e.g., receipts or similar records) showing the loss and that it is fairly traceable to the applicable incident; self-prepared statements alone are not enough but can supplement other proof. Overlap claimants seeking documented losses for both incidents must submit separate, incident-specific documentation for each. No documentation is required for tiered/pro rata cash payments.
Settlement Summary
Two separate 2024 AT&T data incidents—one disclosed March 30, 2024 and another July 12, 2024—sparked a nationwide class action after customers’ information was allegedly exposed via the dark web and a third‑party cloud platform. The data at issue ranged from basic identifiers (names, addresses, emails, phone numbers, dates of birth) to higher-risk credentials like account passcodes, billing account numbers, and in some cases Social Security numbers; the July incident also involved certain call and network metadata (such as numbers interacted with, interaction counts, aggregate call durations, and limited cell-site identifiers). Because telecom accounts are often used as gateways to financial accounts and two-factor authentication, these kinds of leaks can lead to identity theft, SIM-swap attempts, phishing, and account takeover risks long after the initial breach. The lawsuit claimed AT&T and its affiliates didn’t adequately safeguard customer data, and it’s significant mainly because it converts alleged security failures into tangible, court-supervised consumer relief: a $177 million settlement split into a $149 million fund for the first incident and a $28 million fund for the second. Eligible class members can seek reimbursement for documented losses (up to $5,000 for the first incident and up to $2,500 for the second, subject to timing and traceability requirements) or receive smaller, pro‑rata cash payments without documentation, with higher “tier” payments for people whose Social Security numbers were involved. The claim deadline has been extended to Dec. 18, 2025, with a final hearing scheduled for Jan. 15, 2026, and AT&T denies wrongdoing while settling to avoid the expense and uncertainty of litigation. More broadly, the case fits a growing pattern of major data-breach class actions where plaintiffs must connect real-world harms to cybersecurity lapses, while companies point to evolving threats and third-party vendor risk—an especially acute issue as carriers rely on cloud platforms and complex data pipelines. Telecom providers also operate under a patchwork of privacy and security expectations, including Federal Communications Commission rules governing Customer Proprietary Network Information (CPNI) and the Federal Trade Commission’s authority to police “unfair or deceptive” data-security practices, alongside an expanding set of state privacy and breach-notification laws that can raise compliance costs and litigation exposure after an incident. Like similar breach settlements across tech, finance, and healthcare, the practical impact often extends beyond payouts by pressuring firms to strengthen controls around credential storage, access monitoring, vendor management, and incident response in an industry where leaked identifiers and call-related metadata can be uniquely sensitive and hard to “reset.”
Entities Involved
Eligibility Requirements
- Be a living person in the United States whose data may have been impacted by the AT&T data incident announced March 30, 2024 (AT&T 1 class), and/or
- Be an AT&T account owner, line user, or end user whose data may have been impacted by the AT&T data incident announced July 12, 2024 (AT&T 2 class)
- Submit a claim by the deadline (online submission or postmark by Dec. 18, 2025)
- If seeking a documented-loss payment: have losses that meet the applicable timing rules (AT&T 1: losses in 2019 or later; AT&T 2: losses on or after Apr. 14, 2024) and are fairly traceable to the relevant incident
- For AT&T 1 tiered payments: class members fall into Tier 1 (SSN involved) or Tier 2 (SSN not involved) based on what data was exposed
- For AT&T 2 documented-loss claims by line/end users who are not the account owner: provide the required account/line identifying information to file (or have the account owner file on the user’s behalf)
- If included in both incidents: may qualify for benefits in both classes, but must follow the rules for each claim type
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.