AT&T has agreed to a $177 million settlement following two data breaches, and affected customers have just over a month to submit claims for their share of the settlement.

The settlement comes after multiple lawsuits were filed across the United States, which were eventually consolidated. These legal actions followed AT&T’s notification to millions of customers that their personal information, including Social Security numbers and call records, had been compromised in breaches last year. Plaintiffs accused the telecom company of repeatedly failing to secure consumer data. Although AT&T denies any wrongdoing, the company chose to settle the lawsuits earlier this year.

“We have agreed to this settlement to avoid the expense and uncertainty of prolonged litigation,” AT&T stated on Thursday. The company also emphasized its ongoing commitment to safeguarding customer data and maintaining their trust.

Consumers eligible for a settlement payment have until December 18 to file their claims. However, the settlement still requires final approval from a judge, expected early next year.

Here’s what you need to know about the process and your eligibility.

What data breaches does the AT&T settlement cover?

The settlement covers two different breaches. Both were disclosed in 2024-but involve data belonging to millions of current and former AT&T customers dating as far back as 2019 or earlier.

AT&T disclosed the first of these breaches in March 2024, after the company said it found that customer information from 2019 or earlier had been released on the “dark web” weeks earlier. At the time, AT&T said the breach impacted roughly 7.6 million current and 65.4 million former account holders-with leaked data including some sensitive info like Social Security numbers and passcodes.

The other breach involved call and text records of nearly all AT&T customers from May through October of 2022, as well as a small subset from Jan. 2, 2023. AT&T said it learned that data was “illegally downloaded from our workspace on a third-party cloud platform” in April of last year-and began notifying customers in July 2024, after launching an investigation. The company maintained that the leaked records included information like phone numbers, but not content of the calls or texts, or other personally identifiable information.

Several lawsuits emerged over both of these data breaches-which were later consolidated. The settlement was reached earlier this year in U.S. District Court in Texas.

How much money could impacted customers get?

The settlement’s cash funds total $177 million to pay those impacted by both of these breaches-which divvies up to $149 million for the first “settlement class” and another $28 million for the second, per a preliminary approval order filed in June.

According to the settlement administrator’s website, consumers impacted by the first breach may be eligible to up to $5,000. And those affected by the second breach may be eligible for up to $2,500. It’s also possible to be an “overlap settlement class member,” which would mean you may be eligible for payments from both of these funds.

Final payment amounts will vary depending on losses documented from each person-as well as the total number of claims received and added costs like attorney fees. And the court still has to give the settlement its final stamp of approval, in a hearing currently scheduled for Jan. 15, 2026.

When is the deadline to file a claim?

In the meantime, consumers have a little over a month left to file a claim online or by mail. The deadline is Dec. 18.

To learn more, you can visit the website of the settlement administrator, Kroll Settlement Administration. Class members can also opt-out or make an objection before Nov. 17.