The Money Overview

AT&T’s $177 million breach payouts, up to $7,500 each, are waiting on a judge’s final sign-off

Millions of AT&T customers whose Social Security numbers were exposed in a 2024 data breach could receive individual payouts of up to $7,500, but the $177 million settlement fund cannot distribute a single dollar until a federal judge in Texas grants final approval. The consolidated case, filed as In re AT&T Inc Customer Data Security Breach Litigation in the Northern District of Texas, covers two separate breach events that affected 7.6 million current account holders and tens of millions of former subscribers. With the settlement split into two tiers carrying different compensation caps, the court’s sign-off will determine whether the proposed allocation fairly matches the scale of harm each group suffered.

Why the two-tier fund split shapes what customers actually receive

The proposed settlement divides the $177 million into two pools. The larger portion, $149 million, covers claims tied to one breach incident, while a separate $28 million fund addresses the second. Individual compensation caps differ accordingly: up to $5,000 per claimant from the first pool and up to $2,500 from the second. Customers eligible under both categories could combine claims for a theoretical maximum of $7,500, though actual payouts will depend on how many valid claims the administrator processes and how much each claimant can document in out-of-pocket losses or time spent dealing with the fallout.

That gap between the two caps reflects the differing nature and severity of the two data exposures. AT&T disclosed on March 30, 2024, that personal information including highly sensitive identifiers such as Social Security numbers had been exposed, affecting 7.6 million current account holders alongside a much larger pool of former customers. The breach notification triggered a wave of lawsuits across the country, with plaintiffs alleging that the company failed to safeguard customer data and did not move quickly enough to contain the damage once the leak came to light. Those cases were eventually consolidated into the multidistrict litigation now pending before the court.

For affected customers, the practical question is straightforward: will the money actually arrive, and when? No payments can begin while the settlement sits in escrow awaiting judicial approval. The court must hold a fairness hearing, weigh any objections from class members, and decide whether the two-tier structure adequately compensates people whose most sensitive personal data was compromised. Only after the judge grants final approval and any appeals are resolved can the claims administrator calculate award amounts and begin issuing payments.

Court records and settlement terms behind the $177 million figure

The case is docketed as MDL 3:24-md-03114 in the Northern District of Texas, where dozens of individual lawsuits were combined into a single proceeding overseen by one judge. Centralizing the litigation allows the court to manage discovery, settlement talks and class certification questions in a coordinated way, rather than having conflicting rulings emerge from different federal districts.

The official settlement notice, distributed through PR Newswire, laid out the claim mechanics and deadlines for eligible class members. According to that notice, claimants must submit documentation supporting their losses to qualify for compensation under either or both tiers. Examples can include receipts for credit monitoring or identity theft protection, bank statements showing fraudulent withdrawals, or records of time spent resolving fraudulent accounts. People who cannot show direct financial losses may still be able to claim for time spent responding to the breach, subject to the per-person caps and overall fund limits.

The $149 million and $28 million split is not arbitrary. Each fund corresponds to a distinct set of claims arising from separate data incidents, and the per-claim caps of $5,000 and $2,500 were negotiated to reflect the relative exposure in each event. The combined $177 million figure makes this one of the larger consumer data breach settlements in recent years, though the final per-person payout hinges entirely on claim volume. If a large share of the 7.6 million current customers and the broader pool of former subscribers file claims, individual checks will shrink accordingly; if participation is low, those who do file may receive closer to the maximum.

Settlement funds of this kind are typically allocated on a pro rata basis, meaning each approved claimant receives a share of the pool proportional to their documented losses, up to the cap. Administrative costs, attorneys’ fees and service awards for class representatives are usually deducted from the gross fund before payments are calculated, further affecting what individuals ultimately receive. The court will scrutinize those line items at the fairness hearing to ensure they are reasonable in light of the overall recovery.

Until the judge issues a final order, customers who believe they are part of the affected class can focus on gathering records and confirming their eligibility through the official settlement channels described in the notice. The outcome will determine not only how the $177 million is divided, but also whether the two-tier structure becomes a template for future data breach settlements that must account for different levels of risk and harm within the same compromised dataset.

