AT&T to Pay $177 Million to Data Breach Victims

AT&T has agreed to a $177 million settlement to compensate customers affected by two major data breaches that exposed sensitive personal data.

The first breach, linked to the hacker group Shiny Hunters, began as early as 2019. Although AT&T initially denied involvement, a leak of data from over 70 million users—including login passcodes—surfaced for sale in March 2024. The company confirmed the breach in April 2024, affecting 73 million current and former customers.

A second breach, disclosed in July 2024, compromised the call and text records of nearly 109 million users. This breach stemmed from a cyberattack on AT&T’s third-party cloud storage provider, Snowflake.

As a result, AT&T faced multiple class-action lawsuits. A U.S. District Judge has now given preliminary approval to a settlement, offering compensation of up to $5,000 for the 2019 breach and $2,500 for the 2024 incident. Priority will be given to individuals with documented financial damages, though even those without proof may receive payments.

Notices will be sent by August 4, 2025. Claims must be submitted by November 18, 2025, and payments will begin in early 2026 following a final hearing on December 3, 2025.