Forbes·2025-12-08 01:21Core Viewpoint - AT&T customers have until December 18 to claim their share of a $177 million settlement related to two significant data breaches that exposed personal information and call records of millions of customers [1][2]. Breach Details - The first breach, disclosed on March 30, 2024, affected approximately 73 million customers, with sensitive data from 7.6 million current and 65.4 million former account holders appearing on the dark web [2][3]. - The second breach, revealed in a July 12, 2024 SEC filing, involved the theft of call and text message metadata for nearly all 110 million AT&T wireless subscribers, covering interactions from May 1 to October 31, 2022, and a single day in January 2023 [4][5]. Security Implications - The breaches were linked to Snowflake Inc., a cloud data warehousing platform used by AT&T, where attackers exploited stolen credentials to access customer data [6]. - The U.S. Department of Justice requested AT&T to delay public disclosure of the breaches due to national security concerns, marking a notable instance under the SEC's cybersecurity disclosure rules [7]. Financial Aspects of the Settlement - The settlement allocates $149 million for customers affected by the first breach and $28 million for those impacted by the second, with potential claims of up to $5,000 for the first incident and $2,500 for the second [10]. - Customers without documented losses can still claim a pro-rata share of the remaining settlement funds, with legal fees estimated at approximately $49.7 million and $9.3 million for each breach [11]. Future Proceedings - A final approval hearing for the settlement is scheduled for January 15, 2026, with payments expected to begin within 90 days if approved [12].