AT&T has agreed to pay up to $7,500 to customers whose personal data was exposed in two separate breaches, settling a $177 million lawsuit that followed a wave of complaints.
The settlement, announced earlier this year, resolves claims stemming from incidents that occurred in 2024 and involve data belonging to millions of current and former AT&T customers dating back to 2019 or earlier.
The first incident, on March 30 2024, saw addresses, social security numbers, birthdates, passcodes, billing numbers and phone numbers released on the dark web, according to the Kroll Settlement Administration. The second breach involved call and text records for nearly all AT&T customers from May to October 2022, plus a small subset from January 2 2023, after data was “illegally downloaded from our workspace on a third‑party cloud platform” in April of last year.
AT&T, which has denied wrongdoing, issued a statement saying, “We have agreed to this settlement to avoid the expense and uncertainty of protracted litigation,” and added that the company remains “committed to protecting our customers’ data and ensuring their continued trust in us.”
Customers affected by either or both breaches qualify to file a claim. Eligibility can be confirmed through the settlement’s website, where claimants provide a class member ID, email, AT&T account number or full name.
If a claimant does not receive a confirmation code and notice ID, the Kroll Settlement Administration can be reached at 833‑890‑4930 for assistance. The website will then reveal whether the individual is eligible and what documentation is required to complete the claim.
To file online, visit www.telecomdatasettlement.com and click “submit claim.” After entering the required identification details, claimants must upload supporting documents before the claim is accepted.
Mail‑in claims are also accepted. Send the completed claim form and any necessary documentation to AT&T Data Incident Settlement, c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150‑5324.
The deadline for submitting a claim is Thursday, December 18. Online submissions must be received by that date, and mailed claims must be postmarked no later than December 18 to be considered.
Payout amounts vary by breach and overlap. Those impacted by the March incident may receive up to $5,000, while those affected by the July incident may collect up to $2,500. Customers who are “overlap settlement class members,” impacted by both breaches, may receive up to $7,500.
The settlement website outlines three payout tiers for the March breach. Tier 1 Cash Payment is available to members whose social security numbers were included; it equals five times the amount of a Tier 2 payment. Tier 2 Cash Payment covers members whose data elements were exposed but not their SSN. Tier 3 Cash Payment, linked to the July incident, is a pro‑rata share of the remaining settlement funds after administrative and legal costs; its exact amount depends on the net settlement available and the number of valid claims.
Key Takeaways
- The $177 million settlement covers two data breaches affecting millions of AT&T customers.
- Eligibility can be verified online or by phone; claims must be filed by December 18.
- Payouts range from $2,500 to $7,500 depending on breach overlap and tier.
Customers who suspect their personal information was compromised should act promptly, verify eligibility, and submit the required documentation before the deadline to secure their share of the settlement.
