Millions of AT&T customers may soon receive compensation as part of a class-action settlement tied to two major data breaches that compromised sensitive customer information. A federal judge has granted preliminary approval for the settlement process to move forward, with customer notifications scheduled to begin on August 4, 2025.
The breaches, reported in 2024 but affecting data going back to 2019, exposed information of over 7 million current customers and more than 60 million former customers. While AT&T denies liability, the company has agreed to compensate affected individuals to avoid extended litigation and legal costs.
Table of Contents
AT&T Settlement Timeline for Claims and Final Court Approval
Customers who were impacted by the breaches can expect to receive official claim notifications between August 4 and October 17, 2025. These notices will inform them of their eligibility and how to file a claim. The deadline to submit claims is November 18, 2025, followed by a final settlement approval hearing on December 3, 2025.
While notifications and claims will be handled in 2025, settlement payments are not expected until early 2026, as the claims must be reviewed and processed after court approval.
Details of the Two Data Breaches
The first breach was publicly disclosed in March 2024 but involved customer data from as early as 2019. Information leaked included Social Security numbers, account passcodes, and other personal details. This affected millions of current and former customers.
The second breach involved the unauthorized access of call and text metadata belonging to AT&T wireless customers. It included records from May 1, 2022, to October 31, 2022, and January 2, 2023. AT&T stated that the content of messages and calls was not accessed, and no timestamps or names were included. However, the breach still raised concerns about customer privacy.
Who Is Eligible to File a Claim
Eligibility depends on which breach affected the individual. Two customer groups have been defined for this settlement:
1. 2019-Identified Breach Group
- Individuals whose personal data was exposed in the breach made public in 2024.
2. 2022–2023 Metadata Breach Group
- Customers whose call and text records were accessed without authorization.
Both current and former AT&T customers across the U.S. are included. Those with active accounts may receive digital notifications, while former customers will be contacted via U.S. mail.
Compensation and Claim Amounts
The amount each customer receives depends on the breach and the documentation provided.
| Breach Incident | Maximum Payout | Requirements |
|---|---|---|
| 2019 Data Breach | Up to $5,000 | Documentation of financial losses required |
| 2022–2023 Metadata Breach | Up to $2,500 | Documentation may not be required |
Customers with proof of identity theft, fraud, or credit monitoring expenses may qualify for higher payouts. The number of valid claims submitted may also affect the final amount per person.
Filing Process and What to Expect
Eligible individuals will be provided with a case number or account ID in their notification. Claims can be submitted online or by mail. Required documents, such as receipts or identity theft reports, should be attached if applicable. All claims must be filed by November 18, 2025.
AT&T has reiterated that it did not commit wrongdoing but chose to settle in the interest of its customers. The settlement is a key step toward resolving a multi-year legal issue and offering financial relief to those impacted by the company’s data vulnerabilities.
