June 23, 2025 – Dallas: A United States federal judge has granted preliminary approval to a $177 million settlement in a class-action lawsuit against AT&T, after a plethora of data breaches that exposed the personal data of tens of millions of its customers in 2024.
In a ruling filed by U.S. District Judge Ada Brown in Dallas, the court decision is a substantial advancement in giving accountability to the claims of consumers that AT&T compromised the most sensitive information of consumers and failed to uphold the sanctity of sensitive data.
AT&T will compensate customers whose data exposure stemmed from two breaches it disclosed in May and July 2024.
Under the agreement:
- AT&T will process these payments and then distribute the remaining funds to the customers whose personal data hackers accessed.
- Customers who suffered financial losses directly linked to the breaches can receive up to $2,500 or $5,000, depending on which breach impacted them.
AT&T has not issued a press release, or other public statement related to the court ruling as of yet.
Details of the Breaches
One of the breaches occurred when unauthorized parties downloaded call and text records from approximately 109 million customer accounts. The compromised data, dating back to 2022, was stored on AT&T’s Snowflake cloud platform.
“This is a wake-up call for all organizations handling sensitive data. Consent and data minimization are not optional anymore—they’re the foundation of trust. If you collect it, protect it.” – Gaurav Mehta, co-founder of Concur – Consent Manager
In the other breach, discovered in March 2024, AT&T confirmed that a data set found on the dark web contained personal information of over 73 million individuals—including around 7.6 million current and 65.4 million former account holders. The compromised data reportedly dated back to 2019 or earlier.
Broader Investigations
Alongside the class-action lawsuit, the Federal Communications Commission (FCC) is running its own investigation. In a related case, AT&T agreed in September 2024 to pay $13 million to settle an FCC probe. That probe was linked to a 2023 breach involving a cloud vendor. The incident exposed the data of 8.9 million customers. The records dated back as far as 2015. According to the FCC, this data should have been deleted years ago.
The case has once again raised concerns about how companies handle and store customer data. This is especially true for large firms with millions of users. The court will hold a final hearing later this year to decide on full approval of the settlement. If approved, the case could set a strong precedent. It may shape how future data breaches are managed under the DPDPA and global privacy laws.
Also Read : Apple, Google, Facebook Among Victims in 16 Billion Password Leak
