Customers who may have been impacted by a pair of AT&T data breaches have until the middle of December to collect up to $7,500 as part of a class-action settlement.
Millions of AT&T customers' personal information was exposed in two data breaches that were not disclosed until last year, leading to a combined settlement in court worth $177 million. While AT&T agreed to settle in the case, the company denied wrongdoing at the time.
What Can People Do to Collect?
The only way for eligible customers to receive a portion of the settlement is to submit a claim form, which can be done through the settlement website, which is administered by Kroll Settlement Administration.The form must be submitted online or sent through the mail and postmarked on or before Dec. 18.
Previous deadlines to opt out of the class-action settlement have already expired. Customers who take no action will not "receive any settlement class member benefits from this class action settlement," according to Kroll.
How Much Could Customers Receive?
The settlement’s cash funds total $177 million to pay those impacted by both of these breaches, which divvies up to $149 million for the first “settlement class” and another $28 million for the second, per a preliminary approval order filed in June.According to the settlement site, consumers impacted by the first breach may be eligible for up to $5,000. Those affected by the second breach may be eligible for up to $2,500. It’s also possible to be an “overlap settlement class member,” which would mean you may be eligible for payments from both of these funds.
After payments are made for direct losses, the remaining funds will be distributed to customers whose personal information was accessed.
A customer has to show documented losses to receive the full amount. People without documented losses will be paid a pro-rated amount based on the total number of settlement claims as well as costs related to attorneys' fees, the website said.
What Happened?
The deal resolves claims over data breaches that AT&T announced in March and July of last year. Depending on which breach is involved, AT&T has agreed to pay up to $2,500 or $5,000 to customers who suffered losses that are "fairly traceable" to the incidents.In March 2024, AT&T said it was investigating a data set released on the dark web and said its preliminary analysis showed it affected about 7.6 million current account holders and 65.4 million former account holders. The company said the data set appeared to be from 2019 or earlier.
In July 2024, the company said a breach resulted in the illegal downloading of about 109 million customer records at the U.S. wireless company.
AT&T disclosed that its call logs were copied from its workspace on a Snowflake cloud platform covering about six months of customer call and text data from 2022 from nearly all its customers. AT&T said at the time that the data did not contain the content of calls or texts or personal information such as social security numbers.
The second breach involved call and text records of nearly all AT&T customers from May through October of 2022, as well as a small subset from Jan. 2, 2023, the company said in July 2024.
In the second breach, AT&T said it learned that data was “illegally downloaded from our workspace on a third-party cloud platform” in April 2024 and began notifying its customers in July of that year.
What Has AT&T Said?
The company has denied any wrongdoing in connection with the data breaches and said the settlement was reached to end any prolonged litigation.“We have agreed to this settlement to avoid the expense and uncertainty of protracted litigation,” the telecommunications giant told media outlets last month, adding that the firm is still “committed to protecting our customers’ data and ensuring their continued trust in us.”
The Epoch Times reached out to AT&T for comment but did not receive a response by publication time.