According to U.S. News, AT&T customers across the U.S. are waiting with baited breath for a judge to finalize a $177 million data breach settlement stemming from two serious cyberattacks that hit the telecommunications giant in 2024. While the legal process is still moving forward, the case has put a national spotlight on the overall issue of data privacy and security, with many states, such as Connecticut, stepping up enforcement and regulatory efforts in response to the growing digital threat.

The incident began in March 2024, when AT&T discovered that the sensitive information of 73 million current and former subscribers - including social security numbers, addresses and bank details - had been leaked to the dark web. Just months later, in July, hackers struck again, this time stealing phone numbers from a third-party cloud-based platform operated by Snowflake Technologies. The sheer scale and frequency of these two leaks rocked the industry, prompting a series of lawsuits and claims of liability.

As of August 2025, AT&T has agreed to a settlement of up to $177 million, divided into two dedicated funds: $149 million to compensate victims of the March breach and $28 million in response to the July attack. According to court documents reviewed by the Houston Chronicle, both settlement funds were earmarked for victims of the hacking attacks, reflecting the unique nature and impact of each incident. However, the details of the settlement are anything but simple. The team of plaintiffs' attorneys handling the lawsuits - led by W. Mark Lanier of Lanier & Lanier for the March matter, and Jeff Ostroff of Copperfield & Ostroff for the July matter - have proposed a total of Together, they claimed $59 million in attorneys' fees, or about one-third of the total settlement. This percentage is consistent with common practice in class actions, where attorneys generally receive between 25% and 35% of the settlement fund.

If Judge Ida Brown of the District Court for the Northern District of Texas approves the settlement, Lanier's team will receive $49.67 million in attorneys' fees and $564,792 in reimbursement of litigation costs, while Ostroff's team will receive $9.33 million in attorneys' fees and $2,314,380 in litigation costs. The settlement final approval hearing, scheduled for January 15, 2026, lasted six hours, and the parties engaged in a lengthy legal battle over the structure of the settlement, the opt-out mechanism for affected users, and the core issue of attorneys' fees. To date, the judge has not issued a final ruling, and the claims of millions of AT&T subscribers remain in limbo.

For consumers, the entire settlement process is also not a smooth one. According to the settlement's official website, users affected by the March 2024 data breach who can provide evidence of financial loss may be able to recover up to $100,000 in damages.Explicitly dating back to the beginning ofFor that incident, the maximum compensation is $5,000, with users whose social security numbers were compromised receiving five times the amount of compensation for users who only had other personal information compromised that did not involve a social security number. For the July 2024 breach, users will be compensated up to $2,500, again subject to proof of actual damages caused by the breach. In the unfortunate event that two breaches occurred at the same time, users could submit two separate claims for a total of up to US$7,500. However, the plaintiffs' lawyers also pointed out at the hearing that the actual damages may be much lower than these publicly stated figures.

The scale of the settlement is staggering. Court records show that about 99.7 million settlement notices have been sent, and as of December 30, 2025, about 4.38 million people have filed claims. The deadline for filing claims is December 18, 2025, and with the judge's decision still pending, users who have filed may have to wait several months to receive their compensation. When contacted by the reporter, Raniere & Associates declined to respond to questions about the progress of the ongoing legal process.

Although the AT&T case is one of the largest and most complex data breach settlements in recent years, it is not an isolated incident.2026 On February 5, 2026, Connecticut Attorney General William Don released a detailed report pursuant to the Connecticut Data Privacy Act (CTDPA) on the state's efforts to protect consumer privacy and data security over the past year. The report paints a bleak picture: in 2025 alone, the State Attorney General's Office received 1,830 data breach notifications and issued 63 warning letters in response, and the state reached a $105,000 settlement with Omni Healthcare for a 2024 ransomware attack.

According to Channel 8's WTNH news station, the report, released by William Don, goes beyond statistics and describes the Administration's active investigation into a wide range of digital threats, including privacy notifications and genetic data, as well as instant messaging apps, gaming platforms, chatbots, and data brokers. Particular attention is being paid to platforms and products that target children and young people, including social media, connected cars, and some artificial intelligence tools that are designed to expose minors to privacy and security risks. Enforcement actions have also been taken against businesses that delayed or improperly reported data breaches and failed to disclose consumer rights in a transparent manner.

Connecticut's data privacy law is one of the first and most stringent in the nation, and the State Attorney General's Office is aggressively and decisively defending people's privacy and security rights online," said William Don in a statement. 2025, we have pursued businesses that have delayed notification, improperly notified of data breaches, and withheld information from consumers, and have launched ongoing investigations into multiple platforms that may be taking advantage of children and exposing their sensitive data to unacceptable privacy and security risks online. We also launched an ongoing, aggressive investigation into a number of platforms that may be exploiting children and exposing their sensitive data to unacceptable privacy and security risks online. Privacy and data security are not optional, and businesses operating in this state must take compliance seriously."

Looking ahead, as the digital ecosystem continues to evolve, Connecticut plans to introduce a series of amendments to the Connecticut Data Privacy Act, scheduled to go into effect in July 2026, to further strengthen its protections. The state's proactive stance contrasts sharply with the passive approach often seen at the federal level in the U.S., where comprehensive data privacy legislation has yet to be enacted.

For millions of Americans, the AT&T settlement and the Connecticut enforcement action are two sides of the same coin: both are a response to the growing risks to personal data and the devastating consequences of data breaches. The associated lawsuits, lengthy hearings, and complicated claims process may be daunting, but they are a reflection of the high priority that is now being placed on data privacy and security.

As Judge Brown weighs a final ruling in Texas and Connecticut lawmakers prepare for the next phase of privacy reform, one thing is no longer in doubt: the age of accountability in the digital realm is upon us, and companies can no longer afford to treat privacy and security as a patchwork. Both AT&T customers and the people of Connecticut expect these hard-fought measures to translate into tangible protections for personal data and some peace of mind in an increasingly connected world.