Is AT&T’s Settlement Enough to Compensate Victims of Identity Theft Risks?

The 2024 data breaches at AT&T, disclosed in May and July, compromised personal information for approximately 109 million customer accounts, including call and text logs from 2022. Hackers illegally downloaded data from AT&T’s Snowflake cloud platform, as reported by Reuters on June 21, 2025.

Exposed details, such as phone numbers and communication records, heighten risks of identity theft, phishing scams, and fraud. A March 2024 breach, affecting 7.6 million current and 65.4 million former customers with data from 2019 or earlier, further amplified these threats.

Victims face ongoing vulnerabilities, as stolen data circulating on the dark web could lead to financial and emotional harm for years.

How Does the Settlement Compensate Victims?

U.S. District Judge Ada Brown in Dallas granted preliminary approval on June 20, 2025, to a $177 million settlement resolving class-action lawsuits against AT&T. The deal offers up to $2,500 or $5,000 for customers with “fairly traceable” losses, with remaining funds distributed to those whose data was accessed, per Claims Journal.

AT&T, denying responsibility for the criminal acts, expects final approval by December 2025, with payments starting in early 2026. The settlement aims to address direct losses, but critics question its sufficiency for long-term risks.

While the payouts provide immediate relief, they may not cover prolonged costs like credit monitoring or legal fees from identity theft.

Did you know?
The 2021 T-Mobile data breach, affecting 76.6 million customers, resulted in a $350-million settlement, offering up to $25,000 for losses and two years of free credit monitoring, setting a higher standard than AT&T’s current deal.

Can Payouts Mitigate Identity Theft Threats?

The settlement’s $2,500 to $5,000 payouts fall short for many victims, given identity theft’s potential costs. A 2024 Javelin Strategy report estimates average out-of-pocket expenses for identity fraud victims at $1,200 annually, with some cases exceeding $10,000 over time.

Customers, including non-AT&T users on its network, expressed frustration in USA Today on June 21, 2025, noting that emotional distress and time spent resolving fraud are unquantifiable. The settlement lacks provisions for free long-term credit monitoring, a standard in breaches like Equifax’s 2017 case.

Without additional support, victims may struggle to manage the persistent threat of stolen data resurfacing.

What Additional Measures Are Needed for Victims?

AT&T’s prior $13 million FCC settlement in September 2024 for a 2023 breach affecting 8.9 million customers highlighted failures in vendor data deletion. The FCC’s ongoing investigation into the 2024 breaches, reported by CyberScoop, points out the importance of stronger data governance.

Victims require proactive measures like complimentary credit freezes, fraud alerts, and extended monitoring services. The Texas multidistrict litigation under Judge Brown will evaluate AT&T’s preventive steps, potentially mandating enhanced protections.

AT&T must go beyond financial compensation to provide robust tools and transparency to help customers safeguard their identities.

ALSO READ | Can Telcel Overturn Mexico’s $93 Million Monopoly Fine?

Settlement Highlights Compensation Gaps

The $177 million settlement offers partial relief for AT&T’s 2024 breach victims but fails to fully address the enduring risks of identity theft. Financial payouts alone cannot mitigate the long-term threats posed by exposed data, necessitating comprehensive support like credit monitoring.

As AT&T faces scrutiny from regulators and customers, its response will influence industry standards for breach remediation. The settlement underscores the urgent need for telecoms to prioritize victim protection in an era of escalating cyber threats.

AT&T’s $177 million settlement provides limited compensation for the 2024 data breaches, but the persistent threat of identity theft demands broader protections like free credit monitoring and enhanced security. As victims navigate long-term risks, AT&T’s actions will shape trust and accountability in the telecom industry. Will the company deliver sufficient safeguards to protect its customers from future harm?