AT&T data breach class action settlement could pay customers $7,500

When it comes to giving tech companies our data, we have a certain amount of trust that they will protect it.

After all, we give them our most personal information, including Social Security numbers and passwords, with the expectation that they will keep it safe. Most of the time, that trust goes unquestioned. But every once in a while, it’s broken.

AT&T’s $177 million data-breach settlement is a stark reminder that even the biggest companies can put our data at risk.

AT&T Inc. has agreed to a $177 million settlement to resolve class-action lawsuits. These stemmed from two major data breaches that affected millions of current and former customers whose personal data ended up on the dark web.

The company did not admit wrongdoing but opted to settle to avoid prolonged litigation costs and risk.

“We have agreed to this settlement to avoid the expense and uncertainty of protracted litigation,” AT&T said in statement to AP News, adding that the company remains “committed to protecting our customers’ data and ensuring their continued trust in us.”

In March 2024, AT&T revealed it had exposed data from approximately 7.6 million current customers and 65.4 million former account holders, including Social Security numbers, birthdates, and passcodes. The sensitive information was posted online, as reported by AP.

Related: Verizon quietly makes aggressive move to stop fleeing customers

Later in 2024, the company revealed a second breach, this time involving unauthorized downloads of call- and text-related data from a cloud platform dating back to 2022.

AT&T stated the breach did not include the content of calls or texts.

Both incidents led to multiple lawsuits consolidated in U.S. District Court for the Northern District of Texas.

The $177 million settlement resolves claims from both breaches.

The settlement is split into two sub-funds: roughly $149 million for the first breach (AT&T 1) and $28 million for the second (AT&T 2), also per AP.

Eligible claimants may receive:

• Up to $5,000 for documented losses from the first breach (AT&T 1).

• Up to $2,500 for documented losses from the second breach (AT&T 2).

• Customers impacted by both breaches could qualify for combined payments up to $7,500, according to Business Insider.

Payouts will depend on documented losses linked to the breaches and the number of valid claims. They will also be subject to the deduction of administration and legal fees.

To receive payment, claims must be submitted by December 18, 2025. Those wishing to opt out who then reserve the right to sue individually must do so by November 17, 2025.

The court will hold a final approval hearing on January 15, 2026, according to Telecom Data Settlement.

Steps for claimants:

1. Check eligibility through notices from Kroll Settlement Administration or the official website.

2. Gather documentation such as receipts, statements, monitoring fees, or other proof of breach-related losses.

3. Submit a claim online or via mail before the postmark deadline.

4. Decide whether to stay in the class or opt out. Doing nothing means remaining in the class and being bound by the settlement.

5. Monitor updates for the payment schedule after court approval.

This settlement provides affected customers a rare opportunity for financial recovery for personal data exposure on a large scale. However, the maximum payouts require documented losses, and many claimants may receive less.

From a corporate perspective, the $177 million payout underscores the financial and reputational risks of data breaches. For companies with large customer databases, proactive cybersecurity and early disclosure remain critical.

• $177 million settlement vs. AT&T’s annual revenue of $165 billion in FY 2024 shows the settlement is significant for affected consumers but modest relative to overall revenue.

• $149 million allocated to AT&T 1 breach, $28 million to AT&T 2 breach.

The AT&T settlement offers affected customers a clear path to compensation, but only if they act before deadlines. As data security continues to draw scrutiny, the case reinforces that protecting personal information is a substantial corporate responsibility that consumers also demand.

Related: T-Mobile announces free offer for Verizon and AT&T customers

This story was originally reported by TheStreet on Nov 15, 2025, where it first appeared in the Technology section. Add TheStreet as a Preferred Source by clicking here.