AT&T Settles Data Breaches For $177 Million
AT&T has received approval from a judge to move forward with settling multiple lawsuits related to two data breaches that occurred in 2024. Specifically, Ada Brown – a U.S. district court judge in Dallas – ruled that he company could move forward with a $177 million settlement to settle claims related to multiple data breaches that disclosed customer information in 2024. Read on to learn more about the settlement and the issues that gave rise to the data breaches.
What Happened?
On multiple occasions in 2024, hackers accessed customer information from AT&T’s network. Some of this information involved sensitive information such as Social Security numbers, passcodes, and other sensitive information.
Specifically, two separate breaches appear to have occurred. First, in March of 2024, hackers committed a data breach that compromised approximately 73 million records. These records contained data from current and former customers. AT&T initially denied any responsibility for the attack. However, in March 2024, the company admitted that the attack had occurred and that hackers had compromised sensitive data. In turn, the company required over 7 million users to reset their access credentials. Additionally, AT&T offered free credit monitoring services for all impacted customers.
Apart from the first incident, AT&T customer data was also compromised in a breach of Snowflake, a third-party service provider. In this incident, hackers appeared to have accessed information such as the phone numbers of affected customers, call durations, and cell-tower data. However, it does not appear that message content, Social Security numbers, or payment information were impacted in this breach. Furthermore, on May 17, 2024, a hacker from the ShinyHunters cybercrime group claimed that AT&T had paid a $ 373,000 ransom for the hackers to delete all compromised data.
Were You Impacted?
If you have (or had) an account with AT&T, there is a strong possibility that your personal information may have been compromised. For example, the first data breach described above compromised data for 65.4 million former customers and 7.6 million current customers. As mentioned above, AT&T reset login credentials for all 7.6 million of these customers. In the second instance, officials believe that data for nearly all current and former customers may have been involved. Further, data for approximately 86 million current and former customers reappeared online in May/June 2025. This data is presumed to be a compilation of the data involved in the two breaches cited above. Notably, this data includes sensitive information such as Social Security numbers, names, email addresses, and birthdates, which are stored in plaintext.
Filing Claims Against AT&T
As a result of the settlement, AT&T has agreed to a $177 million settlement to compensate customers for damages. Specifically, the settlement provides payments of up to $5,000 to affected customers. However, customers must prove that the losses are “fairly traceable” to one or both breaches. Any remaining funds will be used to compensate customers whose personal information was accessed in one or both breaches. Affected customers must file their claims by November 18, 2025. Payments are expected to be made on approved claims in the early portion of 2026.
Lessons Learned
These incidents continue to underscore the importance of companies maintaining vigilance in protecting the privacy and security of sensitive information. They should also remind consumers to adopt a proactive approach when it comes to sharing their data. Specifically, you should share only data that is absolutely necessary to serve a stated purpose or to complete a transaction. Continuously monitor your personal data through channels such as credit reports and make detailed inquiries when you notice suspicious activity. Furthermore, utilize multi-factor authentication (MFA) whenever possible, so that if a password is compromised, hackers will find it challenging to access your accounts due to the presence of an additional authentication factor.
Summary
Data breaches have, unfortunately, become almost an everyday occurrence. Moreover, no organization or individual is immune to a data breach or privacy issue, and AT&T is yet another unfortunate example of this truth. No matter whether you approach this topic from an individual level or an organizational level, ensure that you take reasonable and prudent steps toward reducing the probability of finding yourself or your organization in the middle of such a quagmire.
You can learn more about the AT&T issue by visiting https://www.k2e.com/articles/atampt-data-breach-what-to-know-what-to-do/. Also, you can learn more about our training options by visiting https://k2e.com/training.
