In a significant legal development, AT&T is poised to pay $177 million to customers affected by two separate data breaches, as part of a settlement pending final approval. On Friday, a US judge granted preliminary approval to this settlement, intended to resolve multiple class-action lawsuits against the telecom giant.
The breaches, which occurred in 2019 and 2024, exposed sensitive personal information. The first breach in 2019 compromised data of 51 million users including names, Social Security numbers, and birthdates. This accounted for $149 million of the settlement. The second breach in 2024 involved the leak of personal information of nearly all of AT&T’s 109 million wireless customers via a cloud provider, costing $28 million.
These incidents triggered numerous lawsuits, accusing the company of neglecting its duty to protect customer data. AT&T, however, maintains its stance of denying responsibility. “While we deny the allegations in these lawsuits that we were responsible for these criminal acts, we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation,” stated the company. It also reaffirmed its commitment to safeguarding customer information and maintaining user trust.
Eligible customers affected by the 2019 breach could receive up to $5,000 each, while those impacted by the 2024 incident might receive up to $2,500. Final approval of this settlement is anticipated by year’s end, with disbursements starting next year.
This settlement represents AT&T’s attempt to mitigate potential costs and prolonged legal battles while concentrating on rectifying security oversights. By promptly addressing customer grievances, AT&T can focus on rebuilding its cybersecurity infrastructure and restoring consumer confidence.
