AT&T has agreed to a $177 million settlement following two data breaches, and affected individuals have just over a month to submit claims for their share of the compensation.

Multiple lawsuits were filed nationwide and later merged after AT&T informed millions of customers that sensitive information, including Social Security numbers and call records, was compromised in last year’s breaches. The lawsuits accused AT&T of repeatedly failing to safeguard consumer data. Although AT&T denies any wrongdoing, the company chose to settle earlier this year.

In a statement released on Thursday, AT&T explained, “We have agreed to this settlement to avoid the costs and uncertainties associated with lengthy litigation.” The company emphasized its ongoing commitment to data protection and maintaining customer trust.

Eligible customers must file their claims by December 18, with the settlement still awaiting a judge’s final approval early next year.

Here’s what you need to know.

What data breaches does the AT&T settlement cover?

The settlement addresses two separate breaches, both revealed in 2024, involving the data of millions of current and former AT&T customers, with some data dating back to 2019 or earlier.

AT&T disclosed the first of these breaches in March 2024, after the company said it found that customer information from 2019 or earlier had been released on the “dark web” weeks earlier. At the time, AT&T said the breach impacted roughly 7.6 million current and 65.4 million former account holders-with leaked data including some sensitive info like Social Security numbers and passcodes.

The other breach involved call and text records of nearly all AT&T customers from May through October of 2022, as well as a small subset from Jan. 2, 2023. AT&T said it learned that data was “illegally downloaded from our workspace on a third-party cloud platform” in April of last year-and began notifying customers in July 2024, after launching an investigation. The company maintained that the leaked records included information like phone numbers, but not content of the calls or texts, or other personally identifiable information.

Several lawsuits emerged over both of these data breaches-which were later consolidated. The settlement was reached earlier this year in U.S. District Court in Texas.

How much money could impacted customers get?

The settlement’s cash funds total $177 million to pay those impacted by both of these breaches-which divvies up to $149 million for the first “settlement class” and another $28 million for the second, per a preliminary approval order filed in June.

According to the settlement administrator’s website, consumers impacted by the first breach may be eligible to up to $5,000. And those affected by the second breach may be eligible for up to $2,500. It’s also possible to be an “overlap settlement class member,” which would mean you may be eligible for payments from both of these funds.

Final payment amounts will vary depending on losses documented from each person-as well as the total number of claims received and added costs like attorney fees. And the court still has to give the settlement its final stamp of approval, in a hearing currently scheduled for Jan. 15, 2026.

When is the deadline to file a claim?

In the meantime, consumers have a little over a month left to file a claim online or by mail. The deadline is Dec. 18.

To learn more, you can visit the website of the settlement administrator, Kroll Settlement Administration. Class members can also opt-out or make an objection before Nov. 17.