Tens of millions of individuals who submitted claims in the AT&T data breach settlement are still waiting as of early 2026. As of the most recent update in February, the court had yet to render a decision on the final approval hearing, which took place in a federal courtroom in Dallas on January 15, 2026. There have been no payments made. There is no confirmed timeline. The Kroll Settlement Administration’s settlement website states unequivocally and without much consolation that the court is still debating whether to approve the settlement and that no one can predict when that will happen.
Given how the entire situation began, it’s difficult not to feel some frustration for the millions of common people trapped in this specific bureaucratic waiting room.
Before AT&T formally acknowledged it, the breach itself, or rather the first one, had been making the rounds in hacker circles for years. As early as 2021, the hacker collective Shinyhunters was purportedly auctioning off information on over 70 million AT&T accounts, including names, email addresses, physical addresses, and, in many cases, dates of birth and Social Security numbers. AT&T refuted it. Then, in March 2024, a different actor going by the name MajorNelson uploaded a 5GB archive of the same data to a hacking forum that was open to the public. This was not the dark web, despite AT&T’s initial insistence, but rather a standard website that anyone with a browser could access. AT&T also refuted that. The company didn’t change its stance until a security researcher examined the compromised files and discovered real AT&T account passcodes buried in the data. AT&T acknowledged on March 30, 2024, that the data, which affected about 7.6 million current customers and 65.4 million former ones, seemed to be from 2019 or earlier. Anyone who has given careful thought to how big businesses handle inconvenient information will find it unsettling that the company made this admission only after being forced to do so by outside pressure.
AT&T Settlement Update Today: The $177 Million Data Breach Case That’s Still Not Over
| Category | Details |
|---|---|
| Company Name | AT&T Inc. |
| Headquarters | Dallas, Texas, USA |
| Founded | 1983 (as SBC Communications; AT&T rebranded 2005) |
| Industry | Telecommunications |
| Subscribers (approx.) | ~240 million wireless customers |
| Total Settlement Fund | $177 million |
| AT&T 1 Breach Fund | $149 million (March 2024 dark web leak) |
| AT&T 2 Breach Fund | $28 million (July 2024 cloud platform breach) |
| People Affected (Breach 1) | Approximately 73 million current and former customers |
| People Affected (Breach 2) | Approximately 36.4 million account holders |
| Maximum Documented Payout | Up to $5,000 (Breach 1); up to $2,500 (Breach 2) |
| Claim Filing Deadline | December 18, 2025 (now closed) |
| Final Approval Hearing | January 15, 2026 |
| Court Status (as of Feb. 2026) | Court still deliberating on approval |
| Settlement Administrator | Kroll Settlement Administration LLC |
| Case Court | Northern District of Texas, Judge Ada E. Brown |
Then, a second breach occurred before the first case was even completely organized. AT&T revealed in July 2024 that 36.4 million customers’ call and text records had been unlawfully downloaded from a third-party cloud platform run by Snowflake. This breach was structurally different in that it did not involve the same types of personal identifiers, but it did reveal patterns of who was calling whom, which can be extremely sensitive information in some situations. In March 2025, the two cases were combined and settled jointly, with the $177 million total fund divided between the two incident classes.
The settlement’s layered structure will ultimately dictate how much each person actually gets. There are two categories of claimants for the first breach, which involves Social Security numbers. Tier 1 payments, which are five times the amount of Tier 2 payments, are available to individuals whose Social Security numbers were specifically exposed. A person may be eligible to receive up to $5,000 if they can prove that the breach caused actual financial losses. In the absence of documentation, the payout becomes a pro rata portion of what’s left in the settlement fund after deducting administrative and legal fees. The pro-rata calculation might not yield impressive results because tens of millions of people were eligible to file claims. The precise number of legitimate claims that were filed prior to the December 18, 2025 deadline is still unknown, but it will determine everything.
Observing this process gives me the impression that big class action settlements like this one are sometimes designed more for the appearance of accountability than for the actual experience of it. AT&T generates tens of billions of dollars in revenue every year. Checks from a $177 million settlement, distributed among tens of millions of claimants, are unlikely to feel commensurate with the experience of having your Social Security number publicly available for download on the internet. That is merely an honest observation about the disparity between the scope of the breach and the scope of available relief; it is not an argument against the settlement.
Judge Ada E. Brown of the Northern District of Texas will decide what happens next. An appeal window opens if she accepts the settlement. Kroll will start processing and disbursing payments if no appeals are filed or after they are settled. That might require more months. Checks may finally arrive in mailboxes by the middle to late part of 2026, but even that is not assured. The official settlement website is the only authorized source of updates as the case progresses, so anyone hoping for a resolution should keep an eye on it.
In the end, the AT&T settlement reveals more than just one company or one violation. In a time when data moves instantly and legal remedies do not, it concerns the speed of accountability. In 2024, the files were accessible on the public internet. Within weeks, the lawsuit was filed. In 2025, a settlement was reached. And people are still waiting in 2026. That timeline shows that the system is functioning roughly as intended, and it’s important to periodically consider whether the design is adequate.
