Were you an AT&T customer in 2022?
Find out if you may be eligible — a real person will review your info and reach out if you may have a case.
The short version: AT&T announced in July 2024 that hackers stole the phone records of around 109 million customers going back to 2022. The records showed who you called, who you texted, how long the calls lasted, and in some cases, roughly where you were when you made the call. Multiple lawsuits were filed against AT&T soon after. Those cases are still working through the courts. If you were an AT&T customer at the time, you may be part of the group of people who could be owed something.
This page explains what happened, what was actually taken, why it matters to regular people, and how to check whether you may be eligible. If you want to skip ahead to the form, it’s at the bottom of this page.
What AT&T Said Happened
On July 12, 2024, AT&T filed a required government disclosure — called an SEC Form 8-K — saying that hackers had gotten into a third-party cloud storage service the company used. That service, Snowflake, was also used by other major companies. But in AT&T’s case, the records taken were massive in scale.
AT&T said the stolen data included records from nearly all of its wireless customers from a period between May 1, 2022, and October 31, 2022. Some older records from January 2, 2023, were also included. The company said the breach was originally discovered in April 2024 but that U.S. law enforcement asked them to delay reporting it publicly for national security reasons. AT&T publicly disclosed it on July 12, 2024.
The Federal Communications Commission — the government agency that oversees phone companies — confirmed it had launched an investigation into the breach.
What Information Was Actually Stolen
This is where a lot of people get confused. AT&T was careful in how it described the breach, so here’s what it means in plain terms:
- Who you called and texted. The stolen records showed the phone numbers of everyone you contacted during the covered period. That includes numbers belonging to people who weren’t even AT&T customers themselves.
- How long the calls lasted. The records included the length of each call or session.
- In some cases, which cell tower you were near. For some records, data identifying the general area where you were located when making a call was also included. This can reveal where a person was at a specific time — their home, doctor’s office, place of worship, or workplace.
AT&T said the stolen records did not include the actual content of calls or texts — meaning nobody heard what you said. It also said names and Social Security numbers were not part of what was taken. But experts have noted that phone numbers, combined with other data sources that are easily available, can be used to figure out who people are and build detailed pictures of their lives and routines.
Why This Matters to Regular People
Even if nobody heard your actual conversations, call records are deeply personal. Think about what your own call history could reveal:
- Calls to a doctor or mental health counselor
- Contact with a domestic violence shelter or legal help line
- Regular calls to a family member nobody knew about
- Contact with a financial advisor, accountant, or attorney
- Calls that show where you were at a specific time
This kind of data, in the wrong hands, can be used to pressure, embarrass, or harm people. The federal government takes these breaches seriously enough that the FCC launched a formal investigation, and multiple groups of lawyers have already filed cases in federal court on behalf of AT&T customers.
Find out if you may be eligible — free.
Fill out the short form. A real person will review your information and reach out within one week if you may have a case.
Start Free Eligibility Check →Where the Lawsuits Stand Right Now
After AT&T disclosed the breach, multiple lawsuits were filed in federal courts — including in the Northern District of Texas and other districts — on behalf of customers whose records were taken. These cases have been filed as class actions, meaning they seek to represent large groups of affected customers at once.
As of the time this page was published, a final settlement has not been announced. The cases are moving through the court system, which takes time. This is normal for large data breach cases — the legal process can last a year or more before a settlement is reached or a trial date is set.
A $177 million figure has been discussed in connection with AT&T’s penalty proceedings with the FCC and related matters, though a final individual compensation settlement for affected customers has not been finalized at the time of writing. Anyone who may have been affected should check eligibility now, before any deadline applies to their situation.
Do I Need to Prove My Records Were Taken?
No. AT&T itself said the breach covered nearly all of its wireless customers during the covered period. You do not need to show a notification letter, a specific email from AT&T, or any other document to start a case check. If you were an AT&T wireless customer between May 2022 and October 2022, your records were almost certainly part of what was taken, based on what the company disclosed.
What you do need is to submit your information so a legal team can confirm your eligibility and connect you to the right case.
Why You Should Check Now, Not Later
Every legal matter has a deadline. Once that deadline passes — even by a single day — you can lose the right to be part of any settlement or recovery. These deadlines, called statutes of limitations, vary by state. In some states, the window is just one year from the date you could reasonably have found out about the harm. The breach was publicly disclosed in July 2024, which means the clock has already been running for a while.
Checking takes two minutes. It is free. You do not pay anything unless a case recovers money for you. The only thing waiting costs you is the chance to be included.
Common Questions
I never got a letter from AT&T. Does that mean I wasn’t affected?
Not necessarily. AT&T said the breach covered nearly all wireless customers during the covered period. Whether or not you personally received a direct notification, your records may have been part of what was taken. Check your eligibility and let a legal team confirm.
Does it cost anything to check?
Nothing. The case check is completely free. If you move forward, there is no fee charged to you unless your case wins or settles. If it doesn’t, you owe nothing.
Do I need to have experienced identity theft to qualify?
You do not need to have experienced a specific harm like identity theft or fraud. The lawsuits allege that the privacy violation itself — the unauthorized taking and exposure of personal records — entitles affected customers to compensation. What you experienced in terms of specific harm may affect the strength of your individual case, which is something a legal team will review with you.
Can I still join if I switched away from AT&T since then?
Yes. If you were an AT&T customer during the period covered by the breach, you may still be eligible even if you are no longer a customer today.
Sources
- AT&T Inc., Form 8-K filed with the U.S. Securities and Exchange Commission, July 12, 2024. Available via SEC EDGAR.
- AT&T Inc., Press Release: “AT&T Notifies Customers of Illegal Download of Call Records,” July 12, 2024.
- Federal Communications Commission (FCC), Investigation into AT&T Data Breach, announced July 2024.
- Class action complaints filed in the U.S. District Court for the Northern District of Texas and other federal districts, July–August 2024 (various case numbers).
- AT&T disclosure: breach originally discovered April 2024; delayed public disclosure at request of U.S. law enforcement per company statement, July 12, 2024.