AT&T Data-Breach Settlement: Last Chance to Claim Up to $7,500 Before Dec. 18
Settlement covers two major incidents affecting millions of customers; claim deadline approaches as Pay-out totals reach $177 million.
AT&T customers have until December 18, 2025, to file claims in a data-breach settlement that could yield as much as $7,500 per person for those affected by two separate incidents tied to the telecom giant. The settlement, reached after multiple lawsuits, resolves allegations that AT&T failed to prevent breaches that exposed sensitive information. The company says it denies wrongdoing but agreed to the payout to avoid the expense and uncertainty of protracted litigation.
The two breaches span more than a year and a half of events. The first breach, in 2019, involved personal data such as Social Security numbers, birth dates and legal names. It was not disclosed until March 2024, by which time a broad swath of customer data — including addresses, Social Security numbers and passwords — had already circulated on the dark web. In total, 7.6 million current AT&T customers and 65.4 million former account holders were affected. The second breach occurred in April 2024 and was disclosed in July 2024; it involved hackers who illegally downloaded customer phone records from 2022.
Following years of litigation, the parties agreed to a $177 million settlement in March 2025. The payout is split into $149 million for victims of the 2019 breach and $28 million for those impacted by the 2024 breach. In a statement to USA Today, AT&T emphasized that it denies the allegations but intends to settle to avoid ongoing litigation: “While we deny the allegations in these lawsuits that we were responsible for these criminal acts, we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation.”
To file a claim, customers must visit the Kroll Settlement Administration site and use a Class Member ID found in a notification from Kroll, typically sent by email. Those unsure if they are covered can call 833-890-4930. Claimants may complete the forms online or print and mail them to the AT&T Data Incident Settlement, c/o Kroll Settlement Administration LLC; P.O. Box 5324; New York, NY 10150-5324.
The settlement sets out several payment pathways. For the 2019 breach, claimants may be eligible for up to $5,000 if they can demonstrate documented losses stemming from the breach. If losses cannot be documented, eligible recipients will receive either Tier 1 or Tier 2 cash payments depending on whether their Social Security number was included in the breach. Tier 1 payments are reportedly five times the amount of Tier 2 payments. For those affected by the July 12, 2024, data incident, eligible losses can bring up to $2,500 in compensation, with a pro rata share of any remaining funds available to those who cannot show losses after administration costs and claims are issued. According to the settlement site, victims of both breaches can be eligible for up to $7,500 in total compensation.
Claimants who cannot document losses still have a path to recovery via a pro rata distribution, meaning any remaining monies will be divided among eligible claimants after administration costs and approved claims. The process is designed to be accessible to the broad population of affected AT&T customers, including current and former account holders. As the deadline approaches, consumer advocates emphasize that it is important for claimants to retain any records of losses, correspondence from Kroll, and any communications related to the breaches, as these documents can help substantiate claims.
AT&T’s case underscores the ongoing scrutiny of how large companies handle customer data and respond to breaches. The two incidents highlighted the scale at which compromised information can ripple across ecosystems, affecting tens of millions of individuals, including current customers and former account holders. Privacy and cybersecurity experts note that even when companies deny liability, settlements can provide a path for victims to recover some losses and for firms to resolve disputes and move forward.
Claimants should be mindful of the deadline and the steps necessary to file. The Kroll Settlement Administration’s online portal is the primary vehicle for submissions, and applicants should ensure they have their Class Member ID ready before attempting to file. Those who need assistance can reach out to the toll-free line listed in the notification and request guidance on the claims process. In the meantime, industry observers say this settlement may influence how other organizations manage post-breach communications and resolution strategies in the future.
With the deadline looming, eligible AT&T customers are encouraged to act promptly, gather documentation of any losses, and file through the official Kroll channel to ensure consideration for a share of the settlement fund. The final distribution will depend on the number of eligible claims and the total amount of documented losses, as well as the administrative costs associated with processing the settlement. The case stands as a notable example of how the aftershocks of data breaches can unfold across years and how settlements attempt to balance accountability with practical remedies for those affected.