AT&T has agreed to pay $177 million to settle claims tied to two separate data breaches that exposed Social Security numbers and other personal information for tens of millions of current and former customers. The settlement splits the funds into $149 million for one affected group and $28 million for the second. Up to 182 million people may be eligible to file claims for as much as $5,000 each, but the math behind that maximum payout and the sheer size of the eligible pool create a sharp tension between the headline figure and what any single person is likely to receive.
Why the $177 million settlement matters right now
The larger of the two breaches became public on March 30, 2024, when AT&T disclosed that a dataset circulating on the dark web contained Social Security numbers for about 7.6 million current account holders and 65.4 million former ones. AT&T reset passcodes and began notifying impacted customers. The combined settlement of $177 million addresses both that incident and a second breach that affected a different group of consumers.
The $5,000 maximum per claimant sounds substantial, but simple division tells a different story. If even a small fraction of the eligible population files claims, the per-person payout shrinks fast. The $149 million allocated to the first settlement class, for example, would average roughly $2 per person if all 73 million affected customers from the March 2024 breach alone filed. High participation would push individual checks toward token amounts, while low participation could deliver more meaningful payments to those who do file. That dynamic is the core test of whether this settlement functions as real compensation or as a cost AT&T can absorb without significantly changing how it handles customer data.
How the $177 million is structured across two breach classes
The $177 million settlement has received preliminary court approval and divides the money into two pools. The first settlement class receives $149 million, and the second receives $28 million. Consumers in either class are eligible for up to $5,000, though the actual amount depends on documented losses and the total number of valid claims submitted. Administrative costs and attorneys’ fees will also come out of these funds, further reducing what ultimately reaches individual claimants.
The March 2024 breach is the better-documented of the two incidents. The exposed dataset included full Social Security numbers, not partial identifiers, which raises the risk of identity theft and fraud well beyond a typical password leak. AT&T’s decision to reset passcodes was a reactive measure taken after the data was already circulating. The information had been posted for sale before the company acted, leaving a period in which criminals could attempt to exploit the exposed records.
Less is publicly known about the second breach that makes up the $28 million portion. Reporting identifies it as a distinct incident with its own pool of eligible consumers, but the specific data elements and exact timeline have not been described with the same level of detail. That gap matters because claimants in the second class are drawing from a smaller pool and may face different eligibility criteria or documentation standards, even though they are exposed to many of the same long-term risks associated with the misuse of personal information.
What affected AT&T customers should do first
Anyone who held an AT&T account and received a breach notification should first confirm which settlement class they fall into. Notices and the official settlement website are expected to spell out the criteria for each group, including the relevant dates and types of accounts involved. Understanding which pool applies to you determines not only your potential payout but also what kinds of losses you can claim.
The claims process will require documentation of losses, so it is important to gather records of any fraud or suspicious activity that could be linked to the breaches. That may include bank or credit card statements, correspondence with financial institutions, police reports, or receipts for identity protection services purchased out of pocket. Consumers who spent time resolving issues may also be able to claim compensation for hours spent dealing with identity theft or account problems, subject to whatever caps the settlement sets on time-based claims.
Even for people who have not yet seen clear signs of fraud, the exposure of Social Security numbers and other sensitive details justifies extra vigilance. AT&T has said it is providing support and monitoring to those affected by the massive leak of customer data, but consumers should not rely solely on company-provided tools. Checking credit reports, setting up alerts with banks and card issuers, and considering credit freezes are all practical steps that can reduce the risk of future harm.
The settlement does not erase the fact that millions of people now face a long tail of potential misuse of their personal data. What it can do is offer some financial relief and a measure of accountability. For AT&T customers weighing whether to file, the key questions are whether they have any documented losses, whether they are willing to invest the time to complete the claim, and how they want to respond to a breach that turned their most sensitive information into a commodity on criminal marketplaces.



