A federal court has approved a $177 million class-action settlement for customers affected by two separate AT&T security breaches, offering eligible victims a path to recover cash for documented losses or receive tiered payments based on the type of data exposed. The decision covers distinct harm from a 2019 incident and a more recent 2024 breach, and allows some customers hit by both events to file claims against both settlement pools.
The settlement is among the largest telecom data-breach payouts in recent years. Notices began reaching potentially impacted customers in early August through Kroll Settlement Administration, though several recipients initially questioned whether the emails were legitimate. The court and administrators emphasize that only the official settlement channels and the designated website should be used to submit claims and verify communications.
How The Two Breaches are Treated Separately and Why it Matters
Judges split the action into two settlement classes to reflect that the 2019 and 2024 incidents harmed different sets of customers in different ways. Each class has its own funding pool and its own rules for proving loss.
- The AT&T 1 Settlement Class (2019 incident) draws from a $149 million pool.
- The AT&T 2 Settlement Class (2024 incident) is supported by $28 million.
Customers who were affected by both events fall into an Overlap Settlement Class and may submit separate claims under each settlement. That dual eligibility means overlap claimants can pursue higher total recovery — provided they meet the documentation or tier requirements for each breach independently.
Two Claim Paths: Documented Loss or Tier Cash Payments
Claimants choose one of two routes when filing:
- Documented Loss Cash Payment — This method offers the largest recoveries but requires proof of monetary loss directly tied to the breach. Acceptable documentation can include things like receipts for identity-theft remediation services, records of fraudulent charges traceable to the incident, or invoices for credit monitoring that were purchased because of breach-related concerns. Each breach requires distinct evidence tied to that event.
- Tier Cash Payment — This option does not require documentation of specific out-of-pocket costs. Instead, payments are allocated based on the type of data exposed and the number of valid claims. Payout amounts under the tier system are typically lower than documented-loss awards but are simpler to claim.
The settlement administrators caution that the documented-loss path requires careful evidence. A claimant seeking maximum recovery must show a direct financial link between expenditures and the breach, with clear records that stand up to verification.
How Claimants Could Reach the $7,500 Maximum
The headline maximum of $7,500 is achievable but tightly conditional. To reach that cap, a claimant must submit separate, verifiable proof of losses for each breach:
- $5,000 of documented losses tied to the 2019 breach, plus
- $2,500 of documented losses tied to the 2024 breach.
The court requires distinct documentation for the two events. Identical invoices or a single remediation bill cannot be shoehorned into both claims. Administrators will review submitted records to confirm dates, amounts, and links to the particular breach. Because meeting both thresholds requires substantial, discrete loss evidence, the pool of claimants eligible for the full $7,500 figure will be small relative to the total class sizes.
The Tier System and How it Determines Normal Payments
Most claimants will use the tier system. The settlement sets out three tiers that reflect the sensitivity of the information disclosed:
- Tier 1: Covers claimants from the 2019 breach whose Social Security Numbers were exposed. Tier 1 payments are substantially larger than other tiers.
- Tier 2: Covers other claimants from the 2019 incident whose information did not include SSNs.
- Tier 3: Applies to claimants from the 2024 breach.
Exact dollar amounts for each tier are not fixed in advance. The final payment per claimant depends on the number of validated claims and the remaining balance in each settlement pool after administrative costs and approved documented-loss payments are deducted. Settlement administrators say they cannot predict individual payments until claim volume and verification outcomes are known.
Deadlines and Required Actions for Potential Claimants
Time is a hard constraint. Claim forms must be submitted or postmarked by November 18, 2025. Customers who wish to opt out of the settlement or file an objection must act earlier; the deadline for opting out or objecting is October 17, 2025. Missed deadlines generally forfeit the right to compensation or to challenge the settlement terms.
Administrators have set up the official settlement site and claim process. Kroll Settlement Administration is processing claims and providing support to help customers understand eligibility rules and documentation standards. The official communications will direct recipients to the settlement website; administrators warn that legitimate messages will not request sensitive financial details by email or phone.
Verification Controls and Anti-Fraud Measures
Because settlement notifications are widely spoofed in scams, administrators built verification steps into the process. Official notices reference case-specific details and always point claimants to the central settlement portal for filings. The federal court’s oversight and use of a recognized administrator add procedural safeguards.
The verification process will include documentation checks for documented-loss claims. Claims lacking sufficient evidence will be rejected or moved to the tier process, depending on the circumstances. Administrators also reserve the right to audit suspicious claims to prevent fraud and double-claims across the two settlement pools.
Practical Considerations for Claim Preparation
Claimants choosing the documented-loss route must assemble clear, dated records that tie expenses directly to the breach. Typical examples accepted in similar settlements include:
- Receipts for identity-recovery services purchased because of the breach.
- Bank or credit card statements showing fraudulent withdrawals or charges linked to the period after the breach.
- Invoices for professional services used to restore accounts or remove fraud.
Remember that the court requires separate proof for the 2019 and 2024 incidents when seeking combined compensation. Identical bills or entries cannot be reused across both claims.
Those who do not have strong documentary evidence will likely select a tier cash payment and await the final distribution figures, which depend on claim volume.
What Happens After Claims Close
Once the claims window closes, administrators will verify submissions, resolve disputes, and calculate distributions. The total number of valid claims and the sum of verified documented-loss awards will dictate final per-claim payments under the tier model. Administrators will publish distribution schedules and notify claimants of determinations.
Customers who do not file a claim by the deadline will receive no payment, even if they are part of the settlement class.
Why the AT&T Settlement is Structurally Significant
Treating the two breaches as separate classes acknowledges that the incidents caused independent harms and that compensation should reflect that separation. The approach creates more complex claims processing but allows overlap claimants the possibility of multiple recoveries if they can prove distinct losses.
The $177 million fund represents a substantial corporate liability and reinforces how data-security failures can translate into large monetary settlements. It also illustrates the court’s preference for settlement structures that balance documented recovery for direct loss against broad, tier-based relief for those without discrete bills to present.
Communications and Security
Kroll Settlement Administration and the court advise recipients to verify emails and to use only the official settlement portal for submissions. Official correspondence will not ask for sensitive account passwords or require claimants to provide payment card details via email or phone.
The settlement provides multiple pathways to redress. Whether claimants pursue documented cash awards or tiered payments, they must follow deadlines, assemble appropriate documentation where needed, and rely on the official administration channels to avoid scams.
