AT&T has agreed to pay $177 million to settle claims tied to two massive data breaches in 2024. The settlement is pending court approval, with a hearing scheduled for December 3, 2025.

The first incident, disclosed in March, exposed sensitive information from 73 million customers, including Social Security numbers and account credentials later found on the dark web.

A second breach in July, linked to a third-party cloud provider, revealed call and text metadata for nearly all AT&T customers between 2022 and 2023.

The settlement allocates $149 million to the March breach and $28 million to the July breach.

Each customer impacted by the breaches could receive up to $7,500. According to the settlement website, “Settlement Class Member Benefits will begin after the Settlement has obtained Court approval and the time for all appeals has expired.”

AT&T denied any wrongdoing, stating, “While we deny the allegations in these lawsuits that we were responsible for these criminal acts, we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation.”

However, the resolution highlights mounting legal and regulatory pressure on telecom companies to secure the massive amounts of consumer data they hold. Analysts note that nearly half of consumers lose trust in brands after a breach, reflecting the longer-term reputational risks AT&T now faces.

In response, AT&T says it has rolled out stronger encryption, stricter access controls, multi-factor authentication, and new vendor oversight policies. It has also expanded employee training and partnered with the National Cybersecurity Alliance to boost public awareness.

For investors, the episode serves as a reminder that cybersecurity is no longer just an IT issue, but a central business risk. Telecoms like AT&T and rivals such as T-Mobile, which has suffered repeated breaches since 2021, are prime targets for attackers due to the sheer volume of sensitive data they manage.

As breaches become more frequent and costly, experts warn that settlements and regulatory fines will only rise. AT&T’s experience sends a clear message: proactive investment in cybersecurity is not optional, but is essential for protecting both customer trust and shareholder value.