Key Takeaways:
• U.S. court grants preliminary approval to AT&T’s $177 million settlement over two major 2024 data breaches
• Customers with documented financial losses may receive up to $5,000; remaining funds to be distributed among all impacted users
• The breaches affected more than 100 million accounts, with data including call logs and account holder information
AT&T’s $177 Million Data Breach Settlement Gains Court Approval
A U.S. District Court judge in Dallas has preliminarily approved a $177 million class-action settlement involving AT&T, following two major data breaches disclosed in 2024. The breaches exposed sensitive customer information from more than 100 million accounts, marking one of the most significant privacy incidents in the telecom industry to date.
The decision moves the settlement toward finalization, which would bring resolution to dozens of consolidated consumer lawsuits. AT&T, while not admitting fault, agreed to the payout in order to avoid prolonged litigation and escalating costs.
Background on the Breaches
The settlement covers two separate security failures:
- The first involved unauthorized access to nearly 109 million records, including six months of call and text metadata from 2022. These records were stored in a Snowflake-hosted cloud database and were downloaded without detection.
- The second breach surfaced in March 2024, when datasets containing names, contact details, and account identifiers for approximately 73 million people—7.6 million current and 65.4 million former account holders—were found circulating online. This older data included account history and contact details that dated back as far as 2019.
Together, the incidents impacted both current and former customers across the U.S. and raised new questions about how telecommunications companies handle long-term data storage and third-party security practices.
Compensation Details
Under the settlement, individuals who can demonstrate direct out-of-pocket losses attributable to the breaches may qualify for reimbursements of up to $2,500 or $5,000, depending on the breach in question. This includes documented expenses such as credit monitoring services, time lost managing identity theft, or unauthorized financial activity.
After those claims are processed, any leftover funds from the $177 million pool will be distributed among other affected customers, even if they did not submit specific claims of loss. Those distributions are expected to take place following final court approval, which could come by the end of 2025, with payouts beginning in early 2026.
A Pattern of Scrutiny
The breaches followed another security lapse in 2023, when AT&T settled a $13 million enforcement case with the Federal Communications Commission involving the retention of outdated data for nearly 9 million customers. In that case, AT&T agreed to bolster its data deletion policies but had not yet fully implemented changes when the 2024 breaches occurred.
The company has said the breaches were the result of unauthorized access and not a direct result of a system failure on its part. Still, regulators and privacy advocates have pointed to a pattern of inconsistent data lifecycle management and growing reliance on cloud infrastructure as contributing risk factors.
Industry Impact
AT&T’s case is being closely watched by other telecom providers and enterprise-scale cloud clients as a benchmark for breach-related liabilities. Legal experts note that this type of settlement reflects a shift in how damages are calculated—balancing reimbursement for tangible losses with symbolic payouts for broader data exposure.
The Federal Communications Commission continues to investigate the 2024 incidents. The outcome of those inquiries could lead to further compliance mandates or enforcement actions.
Looking Forward
Assuming final approval later this year, the settlement will trigger a multi-step claims process for affected customers. Notifications are expected to be sent out in early 2026, and claims may be processed digitally to streamline the distribution of funds.
For AT&T and its peers, the incident underscores the mounting importance of proactive data security, strict third-party oversight, and timely data deletion protocols. As consumer expectations evolve and breach fatigue grows, how companies respond to security incidents—legally, financially, and operationally—will define trust and retention for years to come.
Learn how AI Agents can supercharge your company’s profits and productivity at TMC’s AI Agent Event, Sept 29-30, 2025 in DC.
If you liked this post, you’ll love one of the the leading global business communications and technology events since 1999, the ITEXPO #TECHSUPERSHOW, Feb 10-12, 2026 Fort Lauderdale, Florida.
Don’t forget the collocated MSP Expo – just for managed service providers!
Aside from his role as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW Feb 10-12, 2026, Rich Tehrani is CEO of RT Advisors and a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.
The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.
The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.
Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing
