AT&T customers whose personal data was exposed in the 2024 breaches may be eligible for a payout from a $177 million class action settlement. However, the online claim window closed on December 18, 2025, and the filing deadline passed on that date, with online forms no longer available. If you’re trying to figure out whether you were affected, what you’re owed, or what happens next, here’s everything current as of mid-2026.
What Happened in the AT&T Data Breach
AT&T experienced two separate, large-scale data security incidents in 2024, both of which are now bundled into a single consolidated settlement. The first, known as the AT&T 1 incident, involved a dark web data leak affecting roughly 73 million current and former account holders and was resolved with a $149 million settlement fund. The second, AT&T 2, stemmed from the Snowflake cloud breach and exposed call and text records for nearly all AT&T and Cricket Wireless customers, covered by a separate $28 million fund. Together, the two incidents make up the largest telecom data exposure event in U.S. history.
Timeline of AT&T Breaches (2019–2025)
AT&T’s breach history stretches back further than most people realize. Data believed to originate from 2019 or earlier was leaked by a hacking group that began selling stolen AT&T customer data as early as 2021. However, AT&T didn’t publicly confirm the breach or notify customers until 2024. The formal timeline that matters for the current settlement starts on March 30, 2024, when AT&T announced the first incident, and continues through July 2024 with the second. The lawsuits arising from both incidents were consolidated in the Northern District of Texas before Judge Ada E. Brown, and the parties agreed to settle in March 2025. Notices to affected customers went out between August and October 2025, and the online claim portal closed in December 2025.
The Snowflake Cloud Breach Explained
The second AT&T incident wasn’t a direct hack of AT&T’s own systems; it originated through Snowflake, a third-party cloud data storage platform that AT&T used to store customer records. The Snowflake breach exposed call and text records for nearly all AT&T and Cricket Wireless customers, and AT&T wasn’t alone: Snowflake’s compromised environment also affected other major companies during the same campaign, since dozens of organizations relied on the platform. Because the exposure occurred through a shared vendor rather than a direct AT&T system flaw, it triggered a separate wave of litigation that was later merged with the original AT&T lawsuit into a single settlement.
What Data Was Exposed (SSNs, CPNI, Call Records, Text Metadata)
The scope of exposed data varies by which incident affected you. The breaches compromised names, addresses, phone numbers, email addresses, birthdates, account passcodes, billing account numbers, and Social Security numbers, some of which ended up posted on the dark web or downloaded from the compromised Snowflake environment. The Snowflake-linked incident specifically targeted call and text metadata, meaning who you contacted and when, not the content of the messages themselves. AT&T has stated that financial account information and the actual content of calls or texts were not part of the exposed data set.
Was I Affected? How to Check If Your Data Was Breached
You’re eligible to file if you’re a current or former AT&T customer whose data was included in either the March 2024 or July 2024 incident, and AT&T was required to send written notice to everyone in that category. If you never received a notice by mail or email, it’s a strong signal your specific account wasn’t flagged in either breach, though it’s still worth confirming through the official channels below.
How to Look Up Your AT&T Breach Status
The only authorized sources to confirm your status are the court-supervised settlement website, telecomdatasettlement.com, or Kroll Settlement Administration. If you’re unsure whether you’re included, you can call Kroll Settlement Administration to ask questions about your eligibility. Be cautious of unofficial third-party “lookup” tools that ask for sensitive personal information; the settlement administrator and AT&T’s own notice letter are the only sources that can definitively confirm your inclusion.

Understanding Your Class Member ID
If AT&T’s records show you were affected, you would have received a notice containing a unique Class Member ID along with a confirmation code. This ID, along with your email, AT&T account number, or full name, was required to submit a claim through the settlement portal. If you lost your notice or never found your ID, Kroll’s support line can help you retrieve it, since the ID ties your claim to your specific breach eligibility.
Signs Your Data Was Compromised (Dark Web Exposure)
Beyond the official notice, there are practical warning signs that your information is circulating outside the settlement process entirely, unexpected credit inquiries, unfamiliar accounts opened in your name, or spam calls referencing details you only ever gave AT&T. Because Social Security numbers and account passcodes were part of the exposed data set, monitoring your credit reports and dark web exposure independently is worth doing regardless of whether you filed a claim, since breach data often resurfaces in unrelated criminal marketplaces long after the original incident.
How to File an AT&T Data Breach Claim
As of this writing, the window to file a new claim online has closed. The filing deadline passed on December 18, 2025, and the online claim forms are no longer available. However, the process below remains useful for understanding what has already happened and for anyone considering a late-mailed claim.
Step-by-Step Claim Filing Process
Eligible customers filed by visiting the official settlement website, entering their Class Member ID and identifying information, and choosing between a documented loss payment or a standard cash payment. Filing required clicking “Submit Claim” and providing a Class Member ID along with an email address, AT&T account number, or full name, followed by any supporting documentation for losses being claimed.
Required Documentation and Information
Claims for reimbursement of actual financial losses needed more than just identity verification. Documented loss claims required reasonable proof, such as receipts or other non-self-prepared evidence, showing the loss was directly traceable to the AT&T incidents. Customers affected by both the March and July breaches, known as Overlap Settlement Class Members, had to submit separate, unique documentation for each incident rather than reusing the same evidence.
Claim Filing Deadlines You Shouldn’t Miss
The court extended the original deadline of November 18, 2025, to December 18, 2025, and that extended date has now passed, with no indication of a further extension. Late claims can still technically be mailed to Kroll Settlement Administration. Still, acceptance isn’t guaranteed at this stage, so anyone who missed the window should treat mailing a late claim as a long shot rather than a reliable path to compensation.
AT&T Data Breach Compensation & Payout
Payment amounts depend entirely on which incident affected you, whether you can document actual financial losses, and how many total valid claims were filed against the fund.

Cash Payment Tiers Explained
The settlement offers two payment paths: a documented loss payment for people who can prove specific financial harm, and a standard cash payment for everyone else in the settlement class. Documented loss payments range from $2,500 to $7,500. In contrast, standard cash payments are calculated on a pro rata basis, meaning the per-person amount is determined only after the administrator has finished processing all claims and deducted legal and administrative costs.
How Much You Could Receive
Customers affected by both the March and July breaches can qualify for up to $7,500 in combined compensation. However, most people without documented losses will receive a smaller, pro rata share of whichever fund applies to their incident. Because the exact per-claimant amount depends on the total number of valid claims, roughly 4.38 million claims were submitted before the deadline, nobody, including the settlement administrator, can confirm final individual payout amounts until the court approves the settlement and processing wraps up.
When and How Payments Are Distributed
As of June 2026, the settlement is still awaiting final court approval, and no payment date has been set. Distribution can’t begin until three things happen: the judge issues a final approval order, any appeals of that order are resolved, and every submitted claim form has been reviewed. Given that the final approval hearing already took place in January 2026 without a ruling, claimants should expect payments to arrive later in 2026 at the earliest, with further delay possible if the approval is appealed.
Legal Options: Class Action & Lawsuits
For most affected customers, the class action settlement is the primary, and often the only practical, path to compensation, since it consolidates dozens of individual lawsuits into a single resolution.
Current Class Action Status
As of March 2026, the court has not yet approved the settlement, and the $177 million settlement remains pending final approval as of June 2026. Judge Ada E. Brown of the Northern District of Texas is overseeing the case, formally captioned In re: AT&T Inc. Customer Data Security Breach Litigation.
Can You Sue AT&T Individually?
Filing a claim in the class action settlement generally means accepting the settlement terms rather than pursuing a separate lawsuit, since class members who didn’t formally exclude themselves by the November 2025 opt-out deadline are bound by the settlement outcome. Customers who did opt out retain the right to pursue an individual claim against AT&T. However, doing so typically requires hiring their own attorney and proving specific damages, which is a higher bar than accepting a settlement payment.
Law Firms Handling AT&T Breach Claims
Multiple firms represented plaintiffs across the consolidated litigation, and the Cricket Wireless portion of the case specifically was brought by Thomas Sizemore and Paul J. Doolittle of Poulin | Willey | Anastopoulo. If you’re exploring legal options outside the settlement, working with a firm already involved in the multidistrict litigation is generally more efficient than starting fresh, since they already have access to the case record and settlement terms.
AT&T Data Breach Settlement Updates
The settlement has moved slowly through the court process, with each stage adding months before customers see any money.

Latest News and Status Changes
The final approval hearing was held on January 15, 2026, but the judge has not yet issued a ruling as of mid-2026. The settlement administrator, Kroll, continues to review and process submitted claims while the court deliberates. There’s currently no confirmed timeline for when a ruling will come down, and even after approval, any appeals filed against the decision could further delay checks going out.
What Customers Are Saying (Community Discussion)
On forums like Reddit and consumer advocacy sites, the most common frustration is that customers who filed months ago still have no confirmed payment date. Many are unsure whether their documented loss claims were accepted. The consensus is to wait for official updates directly from the settlement website rather than relying on secondhand claims about payout timing, since no legitimate source, including AT&T or Kroll, has yet provided a payment date.
Protecting Yourself After the Breach
Whether or not your settlement claim comes through, taking independent security steps matters more given how much personal data was exposed across both incidents.
Free Credit Monitoring Offered by AT&T
Separate from the settlement, AT&T offered affected customers a year of free identity protection shortly after the breaches were disclosed. The offer included a year of complimentary credit monitoring, identity theft detection, and resolution services through Experian’s IdentityWorks, as well as $1 million in identity protection insurance. That enrollment window has since closed, so anyone who didn’t activate their code in 2024 no longer has access to this specific free offer.
Steps to Prevent Identity Theft
Since Social Security numbers and account passcodes were part of the exposed data, freezing your credit with all three major bureaus is one of the most effective steps you can take, since it blocks new accounts from being opened in your name without your explicit approval. Beyond that, changing your AT&T account passcode, enabling multi-factor authentication wherever it’s offered, and watching your credit reports for unfamiliar inquiries are practical habits that outlast any single company’s monitoring offer.
Monitoring Your Data on the Dark Web in the Future
Breach data doesn’t disappear once the initial news cycle ends; stolen records frequently resurface in new dark web marketplaces months or years after the original leak, sometimes bundled with data from unrelated breaches. Running periodic independent dark web exposure checks, rather than relying solely on a single company’s one-time notification, gives you ongoing visibility into whether your information is circulating elsewhere.
Frequently Asked Questions (FAQ’s)
When was the AT&T data breach?
AT&T disclosed two separate incidents in 2024: the first on March 30, involving a dark web data leak, and the second in July, tied to the Snowflake cloud breach affecting call and text records.
How do I know if I was affected?
You would have received an official notice by mail or email containing a Class Member ID. If you’re unsure, contact Kroll Settlement Administration directly through the official settlement website rather than a third-party lookup tool.
How much will I get from the AT&T data breach?
Documented loss payments range from $2,500 to $7,500, while standard cash payments depend on a pro rata split of the settlement fund after costs, meaning the exact amount won’t be known until the court approves the settlement.
Is the AT&T data breach claim still open?
No. The online claim filing deadline passed on December 18, 2025, and new claims are no longer being accepted through the settlement website.
Was Cricket Wireless affected too?
Yes. Cricket Wireless is a named defendant in the same $177 million settlement, and roughly 10 million Cricket customers were notified after their call and text records were exposed in the July 2024 Snowflake breach.



