AT&T Data Breach Settlement: Full Guide

TL;DR

The AT&T data breach settlement comes out of 2 different security incidents. In the first AT&T data breach, highly sensitive customer data was exposed, including names, addresses, phone numbers, birth dates, account details, and for some people even Social Security numbers and passcodes. In the second AT&T data breach, attackers accessed call and text metadata, which can still reveal a lot about a person’s life even without message content.

The proposed AT&T data breach class action settlement is meant to compensate eligible people depending on which breach affected them and what kind of losses they can prove. 

The AT&T data breach settlement claim process is no longer open because the deadline has passed, but the case still matters: if your data was exposed, you should change reused passwords, enable strong two-factor authentication, secure your email, monitor financial and mobile account activity, and stay alert for phishing and identity fraud.

AT&T Data Breach: What Happened

AT&T publicly disclosed two different incidents in 2024, and they were not clones of each other. They involved different types of data, different technical contexts, and different kinds of risk for customers. That is why the AT&T data breach class action settlement is split into separate settlement classes.

The first AT&T data breach became public in March 2024. Sensitive data for 7.6 million current users and 65.4 million former customers had appeared on the dark web. According to the company, the information appeared to date back to 2019 or earlier.

A variety of highly sensitive customer data has been leaked, including:

• full names
• email addresses
• mailing addresses
• phone numbers
• dates of birth
• AT&T account numbers
• billing account numbers
• account passcodes
• Social Security numbers for some users

AT&T initially denied everything. They only caved after security researchers proved the leaked archive contained weakly encrypted passcodes. Armed with a victim's SSN, birthday, and address, threat actors had the perfect contextual roadmap to logically guess and reverse-engineer those 4-digit PINs. Cornered by public proof, AT&T capitulated on March 30, 2024, triggering a mandatory mass passcode reset for 7.6 million active users.

Then came the second AT&T data breach, disclosed in July 2024. Attackers used "infostealer" malware and compromised a third-party cloud environment hosted by Snowflake, Inc. This time, the hackers snatched metadata from nearly all AT&T wireless customers over a six-month period. It affected ~109 million people (nearly all active wireless users).

The exposed data reportedly included:

• the phone numbers an AT&T number contacted
• the phone numbers that contacted that AT&T number
• how many interactions occurred
• aggregate call duration for a day or month
• for a subset of people, one or more cell site identification numbers

Why does that matter? Because metadata is often more revealing than people expect.

Metadata can allow attackers to map a target's entire social and professional network. A critical third-order threat arises from the intersection of these datasets: sophisticated threat actors can link the raw phone numbers in the Snowflake metadata to the PII leak to reveal the call logs, creating highly detailed, searchable profiles of their targets.

Who was impacted by the AT&T data breach?

The first AT&T data breach reportedly affected current and former account holders alike. This means that people who left AT&T years ago could still be part of the AT&T data breach class action settlement, as old data was still involved.

The second AT&T data breach had a wider reach in a different way. It reportedly impacted almost all AT&T wireless customers during the affected period. It also touched upon customers of mobile virtual network operators that use AT&T’s wireless network and could include interaction records involving non-AT&T numbers that communicated with affected AT&T lines.

AT&T Data Breach Settlement Explained

Immediately following the dual security disasters, a wave of consumer lawsuits flooded the courts. To prevent judicial chaos, the US Judicial Panel on Multidistrict Litigation consolidated these disparate cases into a single docket (MDL No. 3114) overseen by Judge Ada E. Brown in Texas.

Faced with the threat of a highly public discovery process that would expose their internal cybersecurity failures, the telecoms giant chose to negotiate. In March 2025, the parties reached a massive $177 million AT&T data breach class action settlement. Unsurprisingly, AT&T officially denied any legal liability, claiming that they were ultimately the victims of sophisticated cybercriminal syndicates.

The court strictly divided the overall AT&T data breach settlement fund to reflect the different groups of victims affected by the two incidents:

This combined capital pool covers administrative costs, lawyers' fees and direct cash compensation for victims. In June 2025, Judge Brown granted preliminary approval, officially kicking off the claims phase.

To execute a payout of this magnitude, the court appointed Kroll Settlement Administration. They launched a centralized portal and distributed official notices containing cryptographically secure Class Member IDs to millions of affected users. The amount of your final payout depended heavily on how accurately you filed your subsequent AT&T data breach settlement claim.

AT&T Data Breach Settlement Claim: How to Claim

This section needs one blunt sentence right at the top: the AT&T data breach settlement claim deadline has already passed.

How the claims process worked

Kroll Settlement Administration was responsible for the logistics. Victims visited a dedicated portal to initiate their AT&T data breach settlement claim. They could either opt for a flat-tier cash payout or attempt to prove that the hack had directly ruined their finances in order to receive a larger payout.

What information or documents were needed

A claimant would need information that could support both identity and causation. That could include:

• notice details or class member identifiers, if received
• contact information tied to the affected account or line
• records showing out-of-pocket losses
• fraud or bank documentation
• credit monitoring or identity recovery expenses
• supporting documents showing the loss was fairly traceable to the relevant AT&T data breach

How to check eligibility

If your data was swept up in the AT&T data breach, you likely received a physical postcard or an email containing a Notice ID. If that mail got lost in the shuffle, users could punch their account info into the Kroll settlement site or dial the admin hotline to verify their status.

Key Deadlines, Payouts, and Case Status

• Claim deadline: The AT&T data breach settlement claim deadline was December 18, 2025. That deadline has passed.
• Final approval timeline: The final approval hearing for the AT&T data breach class action settlement was held on January 15, 2026. As of the latest public update, the court is still considering whether to approve the AT&T data breach settlement.
• When payments may be sent, if approved: If the AT&T data breach settlement receives final approval, payments would not go out instantly. Settlement administration takes time. Claims have to be reviewed. Any appeals have to expire or be resolved. Only after that does distribution begin. So the honest answer is this: if approved, payments may be sent later, but there is no clean payout date people can rely on yet.

What to do if you missed the claim deadline

If you are reading this after 18 December 2025 and you never submitted your AT&T data breach settlement claim, you will not receive any direct compensation from this $177 million fund. Your right to sue AT&T individually also vanished.

What can you do now? Read below.

What You Should Do If Your Data Was Exposed

If your information was caught up in the AT&T data breach, do not treat it like old news. Breach data rarely dies: it gets resold, repackaged, combined with other leaks, and reused months later in phishing, account takeover attempts, SIM-swap fraud, and identity scams.

Take these non-negotiable defensive steps:

1. Change your AT&T account passcode and any password that overlaps with other services. If you still reuse passwords anywhere, stop now. One leaked credential set can act like a master key when attackers test it across email, banking, shopping, and cloud accounts.

2. Turn on strong two-factor authentication wherever you can, especially for email. That matters because email is often the reset button for everything else. If someone gets into your inbox, they may not need your bank password at all. They can just reset it.

3. Watch your bank statements, credit card activity, and mobile account alerts. Small weird charges, sudden SIM issues, password reset emails you did not request, or messages about account changes can be the first visible signs that stolen data is being used.

4. Check your credit reports. If your Social Security number or other identity data may have been exposed in the first AT&T data breach, consider a fraud alert or credit freeze. A freeze is annoying for ten minutes, while an identity theft can be annoying for years.

5. Stay alert for phishing. This is where a lot of people get burned after a breach. Attackers already know your phone number, maybe your address, maybe your account details. That makes scam emails and texts look much more believable. A fake “AT&T security notice” feels very different when it includes real personal information.

If your call or text metadata was part of the later incident, think beyond identity theft. Metadata can reveal patterns: who you talk to, when, how often, and sometimes where from. That can be enough for targeted scams, social engineering, blackmail attempts, or business reconnaissance. Entrepreneurs, journalists, lawyers, executives, and founders should take this especially seriously.

6. Finally, stop trusting standard, plain-text providers with your sensitive personal data. Upgrade your daily communications to an encrypted email provider like Atomic Mail, where your absolute privacy isn't reliant on a massive corporation's faulty cloud configurations.

FAQ: AT&T Data Breach Settlement

How do I know if my data was in the AT&T data breach?

Those officially impacted by the breaches received a formal notice containing a unique Class Member ID via email or physical postcard. If you lost yours, you had to verify your account status via the official Kroll portal before claiming your AT&T data breach settlement.

Is the AT&T data breach settlement real?

Yes. The AT&T data breach settlement is the official proposed class action resolution tied to the 2024 data incidents. The claim deadline has passed, and the court was still considering final approval at the latest official update.

What was exposed in the AT&T data breach?

The two incidents were different. One involved personal customer data such as names, contact details, dates of birth, account information, and for some people Social Security numbers and passcodes, while the other involved call and text metadata rather than message content.

Who qualifies for the AT&T data breach class action settlement?

Eligibility depended on whether your data fell within one of the two settlement classes tied to the incidents. This could apply to current and former customers, as well as line or end users connected to affected AT&T accounts.

Can I still file an AT&T data breach settlement claim?

No. The AT&T data breach settlement claim deadline was December 18, 2025.

How much money will people get from the AT&T data breach settlement?

There is no fixed amount every person will receive. Payouts under the AT&T data breach class action settlement depend on the settlement terms, the category of claim, the number of valid claims, administrative costs, and whether the court grants final approval.

What if I missed the AT&T data breach settlement claim deadline?

You likely cannot file late unless an official change is announced, which is uncommon. The practical next step is to monitor official case updates and focus on protecting your accounts and identity.

What should I do now if my data was exposed?

Change any overlapping passwords, secure your email account, enable strong two-factor authentication, monitor your financial activity and be on the lookout for phishing attempts. If your sensitive identity data may have been exposed, consider placing a credit freeze or setting up a fraud alert.

‍