U.S. Court Grants Preliminary Approval to AT&T’s $177 Million Data Breach Settlement

A U.S. federal judge in Dallas granted preliminary approval this week for AT&T’s proposed $177 million settlement, resolving class-action lawsuits tied to two major data breaches in 2024. The move signals judicial support but awaits final approval and implementation.

 

Breaches at a Fat-Finger Market

AT&T acknowledged two large-scale incidents last year involving its Snowflake cloud platform:

 

• One breach compromised 109 million customer accounts, including call and text logs spanning six months in 2022.

• A separate incident affected 73 million current and former subscribers, with data potentially dating back to 2019.

 

Earlier, AT&T paid $13 million to the FCC to settle a 2023 breach that exposed records from 8.9 million users.

 

About Snowflake Cloud Platform

Snowflake is a cloud-based data warehousing platform widely used by enterprises to store, manage, and analyse large-scale data. 

Despite its robust architecture, Snowflake’s customers—including AT&T—have faced recent scrutiny after a series of high-profile data breaches exposed vulnerabilities at the client configuration level, raising questions about shared responsibility in cloud security.

 

Settlement Structure & Payouts

Under the proposed plan:

 

• Courts can award up to $2,500 or $5,000 to individuals proving direct financial harm.

• Remaining funds will be distributed pro rata to all affected customers.

• The judge described the agreement as “fair and reasonable.”

 

If fully approved, disbursements could begin early 2026, following final sign-off expected by late 2025.

 

Regulatory Oversight & Broader Implications

AT&T’s earlier breach, settled with the FCC, highlights growing regulatory scrutiny of telecom data management. The current settlement underscores legal accountability for customer data, especially when stored on cloud platforms.

 

Expert Insight

Sunil Ambalavelil, Chairman of Kaden Boriss and a seasoned data protection and corporate lawyer in Dubai, commented:

 

“This settlement highlights global data protection trends. Companies must assess potential liability from third-party cloud services. Clear remediation plans—covering compensation, security upgrades and governance—are essential to restoring customer trust.”

 

This could be an interesting read: Do I Need a Corporate Lawyer for My Business? Contact our litigation experts for breach-related claims.

 

What This Means for Data Security & Compliance

• Corporate accountability: Billion-dollar settlements may follow, prompting firms to audit vendor contracts and strengthen data governance.

• Regulatory ripple effects: Outcomes from FTC or FCC investigations may influence similar actions globally, including in the UAE, where personal data protections are evolving.

• Litigation landscape: Settlement precedents guide future class actions and defences involving cloud-mediated breaches.

 

Key Takeaways

• A U.S. judge granted preliminary approval to AT&T’s $177 million data breach settlement.

• Two separate data breaches affected over 180 million customers via a cloud vendor.

• Individuals harmed can claim up to $5,000, with the balance spread across all victims.

• Final approval and payouts are expected late 2025 – early 2026.

• Regulatory, legal, and consumer-data governance implications are significant.

• Corporate risk control of third-party cloud services is now critical.

 

For any enquiries or information, contact info@thelawreporters.com or call us on +971 52 644 3004. Follow  The Law Reporters on WhatsApp Channels