AT&T Agrees to $177 Million Settlement After Massive Customer Data Breaches

CLEVELAND 13 (WCTU) — A federal judge in the Northern District of Texas granted preliminary approval on June 20 to a $177 million class-action settlement between AT&T and users affected by two separate data breaches. The agreement resolves claims related to unauthorized access to customer data in incidents reported in 2024.

Under the terms of the settlement, AT&T will allocate $149 million to compensate victims of a breach involving customer data dating back to 2019 or earlier, and $28 million for claims tied to a separate breach of call and text metadata spanning from May to October 2022 and early January 2023. Customers who can document financial losses linked to the 2019-era breach may receive up to $5,000. Those impacted by the Snowflake cloud breach can claim up to $2,500.

The first breach involved a leak of information affecting approximately 7.6 million current and 65.4 million former customers. The second incident exposed call and text metadata from nearly 109 million accounts, though it did not include the contents of communications or sensitive identifiers such as Social Security numbers.

All settlement-related communications are scheduled between August 4 and October 17. Affected individuals must file claims by November 18. A hearing for final approval is planned for December 3, and payments are expected to be disbursed in early 2026.

“While we deny the allegations in these lawsuits that we were responsible for these criminal acts, we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation,” the company said in a statement. “We remain committed to protecting our customers’ data and ensuring their continued trust in us.”

The company previously faced a separate $13 million penalty from the Federal Communications Commission over a 2023 vendor breach involving millions of customers. Regulatory scrutiny over AT&T’s data security practices remains ongoing.

The settlement follows increasing concern about how companies manage data on third-party platforms. Legal experts say the case may influence corporate liability standards for cybersecurity failures involving external cloud services.

Eligible customers will receive direct notifications with instructions for filing claims. Payments will be determined based on documented losses and may include additional pro rata distributions for other affected individuals.

“This settlement highlights global data protection trends,” a data-privacy advisor noted. “Companies must assess liability from third-party cloud services… and implement clear remediation plans,” including compensation and governance reforms.

-------------

At Cleveland 13 News, we strive to provide accurate, up-to-date, and reliable reporting. If you spot an error, omission, or have information that may need updating, please email us at tips@cleveland13news.com. As a community-driven news network, we appreciate the help of our readers in ensuring the integrity of our reporting.