Table of Contents How to Get Your Share of the AT&T Settlement Payouts How Much Money Can You Receive? How to Submit a Claim When Is the Deadline to Submit a Claim? What if I Want to Sue AT&T Individually? What If I Don't Like the Terms of This Settlement? What If I Do Nothing?
Were you caught up in either of the two AT&T data breaches from 2019 or 2024? If so, you might be eligible for part of a $177 million settlement.
According to court documents, the settlement fund consists of $149 million to address a major data leak in 2019, which allowed cybercriminals to exploit the data of former and existing subscribers for years. Last March, AT&T finally confirmed the breach, sparking a wave of class-action lawsuits alleging the company had failed to safeguard the data of 51 million users, including their names, Social Security numbers, and dates of birth.
The rest of the $28 million is meant to address a second incident involving a hacker breaching AT&T’s account with cloud storage provider Snowflake in April 2024. This enabled the cybercriminal to access call and text records for nearly all customers. Another round of class-action lawsuits followed, alleging corporate neglect. However, AT&T said no customer names were included in the stolen information. Law enforcement also arrested the two alleged hackers involved in the breach.
How to Get Your Share of the AT&T Settlement Payouts
You're eligible for a payout if your data was compromised in one or both of the two data brea
AT&T cybersecurity rating report: https://www.rankiteo.com/company/att
"id": "ATT1765044347",
"linkid": "att",
"type": "Breach",
"date": "4/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '51 million (2019 '
'breach), nearly '
'all customers '
'(2024 breach)',
'industry': 'Telecommunications',
'location': 'United States',
'name': 'AT&T',
'size': 'Large',
'type': 'Corporation'}],
'attack_vector': ['Third-party compromise (Snowflake)',
'Exploited data leak'],
'customer_advisories': 'Settlement payout eligibility '
'announcements',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': '51 million (2019), '
'nearly all '
'customers (2024)',
'personally_identifiable_information': 'Yes '
'(SSNs, '
'DOBs)',
'sensitivity_of_data': 'High (SSNs, DOBs)',
'type_of_data_compromised': ['Personal data '
'(names, SSNs, '
'DOBs)',
'Call and text '
'records']},
'date_detected': '2024-03',
'date_publicly_disclosed': '2024-03',
'description': 'AT&T faced two major data breaches in 2019 and '
'2024, leading to a $177 million settlement. The '
'2019 breach exposed personal data of 51 million '
'users, while the 2024 breach involved '
'unauthorized access to call and text records via '
'a third-party cloud storage provider.',
'impact': {'brand_reputation_impact': 'Class-action lawsuits '
'alleging corporate '
'neglect',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Personal data (names, SSNs, '
'DOBs)',
'Call and text records'],
'downtime': None,
'financial_loss': '$177 million settlement',
'identity_theft_risk': 'High (SSNs, DOBs exposed)',
'legal_liabilities': 'Class-action lawsuits, '
'regulatory fines',
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': ['Customer database',
'Cloud storage (Snowflake)']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Third-party cloud '
'storage (Snowflake)',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (settlement reached)',
'motivation': ['Financial gain', 'Data exploitation'],
'post_incident_analysis': {'corrective_actions': None,
'root_causes': ['Failure to safeguard '
'data',
'Third-party '
'compromise']},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Court documents',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': ['Class-action '
'lawsuits'],
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public disclosure, '
'settlement announcements',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': 'Yes (hackers arrested)',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': ['Cybercriminals', 'Alleged hackers (arrested)'],
'title': 'AT&T Data Breaches Settlement (2019 & 2024)',
'type': ['Data Breach']}