The tech giant has agreed to pay millions after multiple breaches exposed customer information.
AT&T has agreed to pay $177 million in a legal settlement after a third data breach exposed the personal information of millions of its customers. A federal judge in Dallas gave early approval for the settlement, saying it was fair. The decision brings a close to a group of lawsuits filed against the telecom company after the exposure of sensitive data. These lawsuits came after customers discovered their information had been compromised during two separate events in 2024.
The company stated it will pay customers who experienced financial harm as a result of the breaches. Depending on which incident affected them, eligible customers can receive either $2,500 or $5,000 if they can show their losses were caused by the security failures. After those payments are made, the rest of the money will be divided among all other customers whose information was accessed but who did not suffer direct financial harm.
AT&T maintains it did nothing wrong and denies that it was at fault. The company said it chose to settle to avoid the long and expensive court process that could have stretched over several years. Though it did not accept blame, AT&T has publicly acknowledged the breaches. It expects the settlement to receive final approval by the end of 2025 and says payments will likely begin early the following year.
One of the security failures involved the illegal downloading of data related to more than 100 million customer accounts. The incident affected information stored on a cloud platform called Snowflake, where about six months of customer call and text data from 2022 had been saved. AT&T reported that this exposure included nearly every customer who used their wireless service during that time.
Another breach was discovered in March 2024, when a data set appeared on a dark web forum. After investigating, AT&T said the data likely came from 2019 or earlier. It included information from around 7.6 million current customers and over 65 million former ones. The company was unable to confirm exactly how the data was taken, but it admitted that it had been copied and leaked.
Regulators are also involved. The Federal Communications Commission is looking into the security practices that may have allowed these events to happen. The FCC had already fined AT&T $13 million in a separate case related to a breach in January 2023. That earlier incident, involving a cloud vendor, affected about 9 million customers. In that case, customer information from 2015 to 2017 was found on systems that should have been wiped years earlier.
The growing number of data leaks affecting major companies has caused concern among consumers and government agencies. More people are questioning how secure their personal information really is and whether companies are doing enough to protect it. While AT&T is not the only major company to face legal trouble over data safety, the size of this settlement places it among the more serious recent cases.
Although many details remain unclear—such as how hackers gained access or whether internal errors made things worse—the company now finds itself under more pressure to fix weaknesses in its systems. As the public becomes more aware of digital privacy issues, the spotlight remains on how big firms like AT&T handle and protect private data. The $177 million settlement may not restore trust overnight, but it is one of the largest payouts of its kind and could send a message to other companies that poor data security comes with real financial consequences.
Sources:
AT&T to pay $177M in data breach settlement
$177 Million AT&T Data Breach Settlement Wins US Court Approval
Join the conversation!