If you've been an AT&T customer recently, you might be pondering whether your personal information was caught up in one of the company's notorious data breaches. With two major incidents under the spotlight, AT&T is now working through a $177 million settlement process. This covers breaches in 2019 and 2024, which saw millions of users' sensitive data, from Social Security numbers to call records, fall into the wrong hands. It's crucial to understand the specifics of what was leaked, assess your personal risk, and decide on the necessary steps to claim your share of the settlement funds.
What Data Points Were Leaked?
AT&T’s data breaches in 2019 and 2024 hit hard, each exposing different pieces of customer information—and each carrying its own risks.
2019 Breach: Personal Identifiers Exposed
Scope: Nearly 51 million users had their data compromised.
What was leaked: Names, Social Security numbers, birth dates, and account numbers.
Impact: With these details, cybercriminals could open fraudulent accounts or commit identity theft. The exposure of Social Security numbers, in particular, is a serious red flag, as this number is often used to verify identity for everything from loans to tax returns.
2024 Breach: Call and Text Records Compromised
How it happened: Hackers exploited AT&T’s Snowflake database.
What was accessed: Records of calls and texts—who you contacted and when.
What wasn’t leaked: Names and full personal identifiers weren’t part of the data set.
Impact: Even without names, the pattern of who you communicate with, and when, can be pieced together to reveal sensitive information about your habits and associations. For some, this is less about direct financial harm and more about personal privacy.
Both breaches show just how much of our lives are stored in company databases—and how exposed we become when that data slips through the cracks.
Should You Be Worried?
When sensitive information gets exposed, it’s not just a headline—it’s a real threat to your privacy and financial security. Let’s break down why the 2019 and 2024 AT&T breaches deserve your attention, and what makes each different in terms of risk.
2019 Breach: The Serious Stuff—Social Security Numbers and Birth Dates
The 2019 AT&T breach wasn’t your everyday data leak. What set it apart was the exposure of Social Security numbers and birth dates—two pieces of information that form the backbone of your identity. Here’s why that’s alarming:
Identity Theft: With your Social Security number and birth date, cybercriminals can open credit cards, take out loans, or even file fraudulent tax returns in your name.
Long-term Risk: Unlike a credit card number, you can’t just swap out your Social Security number. Once it’s out there, the risk lingers for years.
Widespread Impact: These details are often used as verification for many services—banking, government benefits, even medical records.
If your data was included in that breach, you’re at a much higher risk of being impersonated. It’s not paranoia—it’s reality. This is the kind of threat that keeps cybersecurity experts up at night.
2024 Breach: Call and Text Data—Not Harmless, Still Concerning
The 2024 breach didn’t expose Social Security numbers or birth dates, but it’s far from harmless. Instead, it involved call and text metadata—who you communicated with, when, and how often.
Privacy Invasion: Even without message contents, metadata can reveal patterns about your personal life, business contacts, and daily routines.
Potential for Scams: Bad actors can use this data to craft convincing phishing attempts, targeting you with scams based on who you contact.
Reputational Risk: Information about who you call or text, even if innocent, could be misused or taken out of context.
While the direct financial risk is lower than with the 2019 breach, don’t brush it off. Criminals are creative, and personal information—even metadata—can be used against you in unexpected ways.
What Can You Do?
It’s easy to feel powerless, but you’re not. Using privacy tools like Cloaked can help you keep your personal information under wraps. Cloaked lets you create masked emails and phone numbers, so breaches like these don’t expose your real details. It’s a simple step that can make a real difference in protecting yourself from future leaks.
What Should Be Your Next Steps?
If your data was caught in the AT&T breach, you’re probably wondering what to do next. It’s not as complicated as it sounds—just requires a little attention and action.
1. Watch for Official Notifications
Keep an eye on your inbox and mailbox. Starting this summer, AT&T will notify people who are eligible for a settlement payout. These messages might land in your email or show up as a letter at home.
Don't ignore official-looking emails or letters from AT&T—they could be your ticket to compensation.
2. Know When and How to File a Claim
Claims open on August 4. Mark your calendar. You’ll need to act within the window to get your share.
Payouts depend on your documented losses:
Up to $5,000 if you have evidence of direct financial harm tied to the breach.
Up to $2,500 for other documented losses (like time spent dealing with the aftermath).
Gather your documentation early. Bank statements, credit monitoring bills, or even emails showing the hassle you’ve dealt with—these will help you support your claim.
Use the official settlement website. Avoid any links from suspicious emails. Go directly to the source to file your claim.
3. Take Steps to Protect Your Data Going Forward
Data breaches are becoming regular headlines. After you file your claim, it’s smart to think about how to protect your personal information.
Consider using privacy tools like Cloaked. With Cloaked, you can generate new, encrypted emails and phone numbers to use online, reducing your exposure in case another breach happens.
Control your personal info: Cloaked lets you decide what you share, and with whom.
Cut down on spam and scams: By masking your real contact info, you limit who can reach you if another data set leaks.
Quick Summary
Check your notifications for settlement eligibility.
File your claim starting August 4, with documentation ready.
Boost your privacy using data management services such as Cloaked to help keep your information safe in the future.
Taking these steps isn’t just about claiming what you’re owed—it’s about putting up better defenses for whatever comes next.
Cloaked FAQs Accordion
Frequently Asked Questions
Cloaked is a privacy-first tool that lets you create secure aliases for emails, phone numbers, and more—shielding your real identity online. With Cloaked, your personal info stays protected from breaches, scams, and tracking.
Look for urgent messages, unfamiliar links, or strange sender addresses. With Cloaked aliases, it’s easier to identify which site may have leaked your contact details and ignore suspicious communications.
Yes. If a Cloaked alias starts receiving spam, you can pause, delete, or rotate it. This eliminates the need to change your real email or phone number.
They do different jobs. VPNs protect browsing. Password managers secure logins. Cloaked protects your real identity at the contact level—emails, phones, and personal identifiers.
Definitely. Use Cloaked aliases to avoid spam and limit exposure to companies that may mishandle or leak your data.
At Cloaked, we believe the best way to protect your personal information is to keep it private before it ever gets out. That’s why we help you remove your data from people-search sites that expose your home address, phone number, SSN, and other personal details. And to keep your info private going forward, Cloaked lets you create unique, secure emails and phone numbers with one click - so you sign up for new experiences without giving away your real info. With Cloaked, your privacy isn’t a setting - it’s the default. Take back control of your personal data with thousands of Cloaked users.
*Disclaimer: You agree not to use any aspect of the Cloaked Services for FCRA purposes.
