When it comes to providing our data to tech companies, we have some confidence that they will protect it.
After all, we give them our most personal information, including Social Security numbers and passwords, with the expectation that they will keep it secure. Most of the time, that trust goes unquestioned. But from time to time it breaks.
AT&T’s $177 million data breach settlement is a stark reminder that even the largest companies can put our data at risk.
AT&T customers may be eligible for a major settlement due to a data breach.Image source: Shutterstock
AT&T Inc. agreed to a $177 million settlement to resolve class action lawsuits. These arose from two major data breaches affecting millions of current and former customers whose personal data ended up on the dark web.
The company did not admit wrongdoing but chose to settle to avoid the costs and risks of prolonged litigation.
“We have agreed to this settlement to avoid the expense and uncertainty of protracted litigation,” AT&T said in a statement to AP News, adding that the company remains “committed to protecting our customers’ data and ensuring their continued trust in us.”
In March 2024, AT&T revealed that it had exposed data on approximately 7.6 million current customers and 65.4 million former account holders, including Social Security numbers, dates of birth, and passcodes. The sensitive information was posted online, the AP reported.
Related: Verizon quietly takes aggressive steps to stop fleeing customers
Later in 2024, the company revealed a second breach, this time involving unauthorized downloads of data related to calls and text messages from a cloud platform dating back to 2022.
AT&T stated that the breach did not include the content of calls or text messages.
Both incidents led to multiple consolidated lawsuits in the United States District Court for the Northern District of Texas.
The $177 million settlement resolves claims of both violations.
The deal is divided into two subfunds: approximately $149 million for the first offense (AT&T 1) and $28 million for the second (AT&T 2), also according to AP.
Eligible claimants can receive:
-
Up to $5,000 for documented first violation losses (AT&T 1).
-
Up to $2,500 for documented losses from the second offense (AT&T 2).
-
Customers affected by both breaches could qualify for combined payments of up to $7,500, according to Business Insider.
Payments will depend on documented losses related to violations and the number of valid claims. They will also be subject to the deduction of administration and legal expenses.
To receive payment, claims must be submitted by December 18, 2025. Those who wish to opt out and then reserve the right to sue individually must do so by November 17, 2025.
