AT&T Will Pay $177 Million to Settle Data-Breach Lawsuits: 4 Things to Know

AT&T has denied the allegations in the two lawsuits and agreed to the settlement to avoid engaging in protracted litigation.
AT&T Will Pay $177 Million to Settle Data-Breach Lawsuits: 4 Things to Know
A sign in front of an AT&T retail store in San Rafael, Calif., on May 17, 2021. Justin Sullivan/Getty Images
Jack Phillips
Jack Phillips
Breaking News Reporter
|Updated:
0:00

AT&T agreed to pay $177 million to settle two class-action lawsuits related to data breaches that targeted AT&T customers in recent years, meaning that impacted parties will soon be eligible to collect part of that settlement.

Two lawsuits were filed against AT&T regarding two data breaches that the Dallas-based telecommunications company had confirmed last year, impacting tens of millions of current and former customers who used the company’s cellphone service.

In statements to the media, AT&T has denied the allegations in the lawsuits and agreed to the settlement to avoid engaging in protracted litigation.

Who May Be Eligible

U.S. District Judge Ada Brown in Dallas said last month in a ruling that the class-action settlement was “fair, reasonable, and adequate.” Her order has AT&T dole out $149 million in the first class-action settlement and $28 million in the second one.

“The Settlement Funds will be used to pay for each class’s respective Settlement Class Member Benefits; Settlement Administration Costs; any Court-approved attorneys’ fees and costs to Class Counsel; and any Court-approved Service Awards to Plaintiffs for serving as Class Representatives,” said the June 20 ruling. “The Settlement Funds will be created and funded subject to the terms of the Settlement.”

Under the order, the settlement will be paid out to current or former AT&T customers whose data was breached in the two incidents.

Individuals will likely be notified on whether they are qualified to receive a portion of the settlement sum by Aug. 4, 2025, the order said.

They will be notified by Oct. 17, 2025, on the completion of the settlement program. The deadline to file a claim, if eligible, is Nov. 18, 2025, the court papers say. A final approval was set for Dec. 3, 2025, the papers show.

AT&T had a July 3 deadline to fund an “initial portion” of two escrow accounts used for the two settlements, the judge ruled.

The deadline for qualified individuals to opt out or object to the two settlements is Oct. 17, 2025, according to court filings.

What AT&T Has Said

AT&T said in a statement last month to multiple news outlets that it is denying allegations it was “responsible for these criminal acts” related to the data breach.

The company stated that it has “agreed to this settlement to avoid the expense and uncertainty of protracted litigation.”

AT&T continued to say that it expects the settlement will be approved by the end of 2025, with settlement payments to be issued early next year.

“We remain committed to protecting our customers’ data and ensuring their continued trust in us,” the company added.

The Epoch Times contacted AT&T for comment Tuesday.

What Happened

One of the incidents related to the lawsuit resulted in the illegal downloading of about 109 million customer accounts at the U.S. wireless company. AT&T disclosed that its call logs were copied from its workspace on a Snowflake cloud platform covering about six months of customer call and text data from 2022 from nearly all its customers.
And in March 2024, AT&T said it was investigating a data set released on the “dark web” and that its preliminary analysis showed it affected approximately 7.6 million current account holders and 65.4 million former account holders.
AT&T added in its statement that it “launched a robust investigation supported by internal and external cybersecurity experts” and noted that the leaked dataset appeared to have been from 2019 or earlier, impacting roughly 7.6 million AT&T account holders at the time as well as “approximately 65.4 million former account holders.”
The telecommunications giant said in July 2024 that a second breach occurred that compromised calls and texts of “nearly all of AT&T’s cellular customers” and AT&T landline customers who “interacted” with those cellphone numbers between May 1, 2022, and Oct. 31, 2022. Customers of AT&T’s mobile virtual network operators were also impacted, it said.
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” the statement said. “It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”

Federal Agency Involved

The Federal Communications Commission (FCC) has said it is also investigating the data breaches.

In September, AT&T agreed to pay $13 million to resolve an FCC investigation over a data breach of a cloud vendor in January 2023 that impacted 8.9 million AT&T wireless customers.

The FCC said in September of last year that the data exposed in 2023 covered customers from 2015 through 2017 and should have been deleted in 2017 or 2018.
Reuters contributed to this report.
Google LogoMark Us Preferred on Google
Jack Phillips
Jack Phillips
Breaking News Reporter
Jack Phillips is a breaking news reporter who covers a range of topics, including politics, U.S., and health news. A father of two, Jack grew up in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
twitter