AT&T to pay compensation to data breach victims. Here’s how to check if you were affected

AT&T is set to pay $177 million to customers affected by two significant data breaches. These breaches exposed sensitive personal information of millions of current and former AT&T customers.

For those that have missed the story so far:

• Back in 2021, an entity named Shiny Hunters (a known hacking group) claimed to have breached AT&T. Later reports indicated this breach started in 2019. AT&T denied that the data came from its systems.
• Then in March, 2024, the data of over 70 million people was posted for sale on an online cybercrime forum. The seller claimed the data came from the Shiny Hunters breach. AT&T again denied the data came from its systems.
• On March 30, 2024, AT&T reset customer passcodes after a security researcher discovered the encrypted login passcodes found in the leaked data were easy to decipher.
• Finally, on April 2, 2024, AT&T confirmed that 73 million current and former customers had been caught up in the data leak.
• A later breach, revealed in July, 2024, involved a hack of AT&T’s cloud storage provider, Snowflake, compromising call and text records from 2022 for nearly 109 million US customers. Although no names were linked to this data, the breach was severe enough to lead to arrests.

Following these incidents, AT&T faced multiple class action lawsuits alleging inadequate protection of customer data. Now, a US District Judge has granted preliminary approval to a settlement resolving these lawsuits. This settlement offers an opportunity for affected customers to receive compensation for the harm caused by these breaches.

Who qualifies for compensation?

• Any current or former AT&T customer whose data was accessed in either breach is eligible.
• Priority and larger payments will go to those who can document damages directly caused by the breaches.
• Maximum payouts are up to $5,000 for the 2019 breach and $2,500 for the 2024 breach.
• Any remaining funds will be distributed to others affected, even without proof of damages.

The projected timeline for the claims process looks like this

• Notices to eligible claimants will be sent by August 4, 2025.
• The deadline to submit claims is November 18, 2025.
• Payments are expected to begin in early 2026, pending final court approval scheduled for December 3, 2025.

Check if your data was exposed

To find out how to claim, watch for official notifications from AT&T or check the settlement website once it launches.

You can use Malwarebytes’ easy, free tool—the Malwarebytes Digital Footprint Portal—to check if your data was exposed in the AT&T breach. Simply click the button below, enter your email address, and follow the prompts on the screen.

When you get your results, you’ll see a pink bubble with the words “Exposed on AT&T” if your information was affected in the breach. If you see a green bubble then your data was not exposed.

We will keep you posted of any new developments in this case. Stay tuned!

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.