Is the Cricket Wireless data breach notification letter real?

Yes. The Cricket Wireless data breach notification letter is legitimate. It is an official data incident notice sent by Cricket Wireless to affected customers beginning in July 2024. Cricket confirmed that notifications were sent via U.S. mail and text message — never by email. If you received a letter or text about this breach, it is real.

Can I still file a claim for the Cricket Wireless data breach settlement?

The online claim deadline was December 18, 2025, and the online form is no longer available. A late claim form may be mailed to the Settlement Administrator, but acceptance of late claims is not guaranteed. The final approval hearing was held on January 15, 2026, and the court has not yet issued a final ruling.

Is there a separate Cricket Wireless class action settlement?

No. There is no separate Cricket Wireless settlement. The original Cricket Wireless class action lawsuit (Morgan v. Cricket Wireless LLC) was consolidated into the larger AT&T data breach multidistrict litigation. Cricket Wireless LLC is a named defendant in the $177 million AT&T settlement. Cricket customers are eligible through the AT&T 2 Settlement Class, which covers the July 2024 Snowflake breach.

How did the Cricket Wireless data breach happen?

The breach was part of a massive cyberattack campaign targeting Snowflake, a cloud data storage platform used by hundreds of companies. Members of the ShinyHunters hacking group used stolen login credentials to access Snowflake cloud accounts that lacked multi-factor authentication. Some of the compromised credentials had been stolen through infostealer malware dating back to 2020. The same attack also hit AT&T, Ticketmaster, Santander Bank, and over 160 other organizations.

What is the $177 million AT&T settlement and does it cover Cricket customers?

AT&T, Cricket Wireless, and affiliated entities agreed to a $177 million settlement covering two separate data breaches from 2024. The settlement is split into two funds: $149 million for the March 2024 dark web data leak affecting 73 million AT&T account holders, and $28 million for the July 2024 Snowflake breach affecting call and text records of nearly all AT&T and Cricket wireless customers. Cricket customers whose data was involved in the July breach are eligible for the AT&T 2 Settlement Class.

How many people filed claims in the AT&T/Cricket settlement?

Approximately 4.38 million people had submitted claims as of December 30, 2025, out of roughly 99.7 million settlement class members who received notices. This represents a 4.8 percent claims rate, which attorneys described as higher than the claims rate in the majority of data breach class action cases.

Who carried out the Snowflake cyberattack?

Two individuals have been charged: Connor Riley Moucka, a Canadian national arrested in late 2024, and John Erin Binns, an American living in Turkey who was arrested in May 2024. Both are associated with the ShinyHunters hacking group. Moucka is scheduled for trial in October 2026. Both face charges of conspiracy, computer fraud, wire fraud, and aggravated identity theft.

What should I do if I missed the Cricket Wireless data breach claim deadline?

If you missed the December 18, 2025 online deadline, you may still be able to mail a late claim form to the Settlement Administrator at AT&T Data Incident Settlement, c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324. However, acceptance of late claims is not guaranteed. Regardless of the settlement, you should monitor your credit reports, consider a credit freeze, and be cautious of social engineering scams.

Are there other data breach settlements I can file for?

Yes. If your personal information has been compromised in other data breaches, there may be additional class action settlements you can file for. OpenClassActions.com tracks hundreds of active settlements across data breaches, privacy violations, and consumer protection cases. Check the site regularly for new settlements with open claim deadlines.

Cricket Wireless Data Breach: 10 Million Customers Affected by Snowflake Cyberattack

Q: When will Cricket Wireless data breach settlement payments be sent?

The final approval hearing was held on January 15, 2026, but the judge has not yet issued a final ruling. If the court grants final approval and no appeals are filed, settlement payments are expected to begin in spring 2026. The exact timing depends on the claims review process, the court's ruling, and whether any appeals are filed.

By Steve Levine

Cricket Wireless Data Breach Snowflake Cyberattack

Published: February 17, 2026

Latest Update: The $177 million AT&T/Cricket data breach settlement claim deadline has passed. The final approval hearing was held on January 15, 2026. The judge has not yet issued a final ruling. If approved, settlement payments are expected to begin in spring 2026. There is no separate Cricket Wireless settlement — all Cricket claims are part of the AT&T settlement.

Cricket Wireless notified approximately 10 million customers in July 2024 that their call and text message records had been illegally accessed by cybercriminals. The breach was part of a massive cyberattack campaign targeting Snowflake, a cloud data storage platform also used by AT&T, Ticketmaster, Santander Bank, and over 160 other organizations.

If you received a data breach letter from Cricket Wireless, that letter is real. Cricket confirmed that notifications were sent via U.S. mail and text message — never by email.

Cricket Wireless LLC is a named defendant in a $177 million AT&T data breach settlement that covers both Cricket and AT&T customers affected by two separate breaches in 2024. The online claim deadline was December 18, 2025 and has passed. Late paper claims may still be mailed, but acceptance is not guaranteed.

Is There a Separate Cricket Wireless Settlement?

No. There is no separate Cricket Wireless class action settlement. The original Cricket Wireless lawsuit (Morgan v. Cricket Wireless LLC, filed July 23, 2024 in Georgia federal court) was consolidated into the larger AT&T data breach multidistrict litigation in the Northern District of Texas. Cricket Wireless LLC is a named defendant alongside AT&T Inc., AT&T Mobility LLC, AT&T Corporation, DirecTV LLC, and AT&T Services Inc. in the $177 million combined settlement.

Cricket customers are eligible under the AT&T 2 Settlement Class, which specifically covers the July 2024 Snowflake breach affecting call and text records of nearly all AT&T and Cricket wireless customers.

What Data Was Stolen?

The stolen data included phone numbers of calls and texts made by nearly all Cricket Wireless customers between May 1, 2022 and October 31, 2022. A small number of records from January 2, 2023 were also affected. The breach also exposed the number of calls and texts, total call durations, and cell tower identification numbers associated with some interactions.

The compromised data did not include the content of calls or text messages, Social Security numbers, birth dates, or financial information.

What Are Cell Tower Identification Numbers and Why Does It Matter?

Cell tower identification numbers reveal the approximate physical location of your phone when you made or received a call or text. Combined with the dates and times of your communications, this data can be used to build a rough map of where you were and when. This is the kind of location data that typically requires a court order for law enforcement to obtain — and it was stolen by hackers in this breach.

How the Breach Happened

The cyberattack was carried out by members of the ShinyHunters hacking group, who exploited stolen login credentials to access Snowflake cloud storage accounts that lacked multi-factor authentication. Security investigators found that some of the compromised credentials had been stolen through infostealer malware dating back to 2020.

What Is Snowflake?

Snowflake is a cloud data storage and analytics platform used by thousands of companies to store large amounts of data. Snowflake itself was not technically "hacked" — instead, hackers used stolen login credentials to access individual company accounts hosted on Snowflake's platform. The key vulnerability was that many of these accounts did not have multi-factor authentication enabled, meaning a stolen username and password alone were enough to get in.

Over 160 organizations were affected in the same Snowflake-related campaign, making it one of the largest coordinated data theft operations in history.

Who Carried Out the Attack?

Two individuals have been charged in connection with the Snowflake breach campaign: Connor Riley Moucka, a Canadian national arrested in late 2024, and John Erin Binns, an American living in Turkey who was arrested in May 2024. Moucka is scheduled for trial in October 2026. Both face charges of conspiracy, computer fraud, wire fraud, and aggravated identity theft.

Why Did Cricket Wait 3 Months to Notify Customers?

Cricket discovered the unauthorized access in April 2024 but did not begin sending notification letters until July 2024 — a three-month gap. This delay became a central issue in the class action lawsuit, which alleged Cricket failed to promptly notify affected customers. Cricket has not publicly explained the specific reason for the delay, though companies often cite ongoing investigations and coordination with law enforcement.

$177 Million AT&T/Cricket Settlement — Current Status

AT&T, Cricket Wireless, and affiliated entities agreed to a $177 million settlement to resolve consolidated litigation over two separate data breaches announced in March and July 2024.

The settlement is divided into two funds. The AT&T 1 Settlement Fund ($149 million) covers the March 2024 dark web data leak affecting 73 million current and former AT&T account holders, whose data included Social Security numbers, addresses, and banking information. The AT&T 2 Settlement Fund ($28 million) covers the July 2024 Snowflake breach affecting call and text records of nearly all AT&T and Cricket wireless customers. The AT&T 2 class had 36.4 million members. An additional 6.2 million customers were affected by both breaches.

Approximately 4.38 million people submitted claims by December 30, 2025, out of roughly 99.7 million eligible class members. Attorneys described this 4.8 percent claims rate as higher than the majority of data breach class actions.

Customers affected by both breaches could receive up to $7,500 combined. Customers in the AT&T 2 class (which includes Cricket customers) could receive up to $2,500 for documented losses.

Can I Still File a Claim?

The online claim deadline was December 18, 2025 and has passed. However, a late claim form may be mailed to:

AT&T Data Incident Settlement, c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324

Acceptance of late claims is not guaranteed.

When Will Settlement Payments Be Sent?

The final approval hearing was held on January 15, 2026 at 9:00 AM CT before Judge Ada E. Brown in the U.S. District Court for the Northern District of Texas. The hearing lasted approximately six hours. As of this writing, the judge has not yet issued a final ruling.

If the court grants final approval and no appeals are filed, settlement payments are expected to begin in spring 2026. The exact timing depends on the claims review process, the court's final ruling, and whether any objections or appeals delay the process.

Should You Be Worried?

The breach did not include the content of your calls or texts, your Social Security number, or your financial information. What was stolen is metadata — records of who you called and texted, when, how long, and which cell towers were involved. While this doesn't directly enable financial fraud, it can be used for stalking, social engineering scams, or building detailed profiles of your activity and location patterns.

If you received a Cricket data breach notification, be cautious of calls and texts from unknown numbers, do not respond to unknown senders with personal information, go directly to company websites rather than clicking links in text messages, and monitor your accounts for suspicious activity. Consider placing a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, and TransUnion).

What If I Missed the Claim Deadline?

If you missed the December 18, 2025 deadline, your options are limited. You may try mailing a late claim form, but the settlement administrator does not guarantee acceptance. Beyond the settlement, you should still take steps to protect yourself: monitor your credit reports for unusual activity, consider placing a credit freeze or fraud alert, and remain cautious of social engineering scams where someone uses knowledge of your call patterns to impersonate people you know.

Other Data Breach Settlements You May Qualify For

If you've been affected by the Cricket Wireless breach, your data may have been exposed in other breaches as well. Here are active and recent data breach settlements on OpenClassActions.com:

• Idaho National Laboratory Data Breach Settlement — $75 cash + up to $5,000 + credit monitoring (claim deadline February 28, 2026)
• LifeBridge Health Data Breach Settlement — ~$100 cash or up to $5,000 (claim deadline February 28, 2026)
• Axip Energy Services Data Breach Settlement — $63 cash + up to $3,000 + 3yr monitoring (claim deadline March 2, 2026)
• Knight Barry Title Data Breach Settlement — Up to $5,000 + $1M insurance + 3yr monitoring
• Simpson Strong-Tie Data Breach Settlement — Up to $5,000 + $500 + 2yr monitoring
• Summit National Bank Data Breach Settlement — Up to $5,000 + $175 + 3yr monitoring
• First Commonwealth FCU Data Breach Settlement — $100 cash or up to $5,000 + 3yr monitoring
• Northeast Rehabilitation Hospital Network Data Breach Settlement — $75 cash + up to $5,000
• U.S. Dermatology Partners Data Breach Settlement — Up to $4,000 + $400 + $80 + 2yr monitoring

Check back regularly for new settlements. Many data breach settlements have short claim windows.

How Do I Find Class Action Settlements?

Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:

Sources

• Cricket Wireless Data Incident Notification Letter, July 19, 2024
• Morgan v. Cricket Wireless LLC, Case No. 1:24-cv-03253-ELR (U.S. District Court, Northern District of Georgia)
• In Re: AT&T Inc. Customer Data Security Breach Litigation, MDL Docket No. 3:24-md-03114-E (U.S. District Court, Northern District of Texas)
• Court Filing: Declaration of Claims Administration, December 30, 2025

For more class actions keep scrolling below.

Open Class Action Lawsuit and Class Action Settlement

Bayer RoundUp Bug Spray Lawsuits

Status: Open to Claims

Submit Claim

Video Game Addiction Lawsuit

Deadline: Pending

Submit Claim

DraftKings & FanDuel Addiction Lawsuits

Status: Open

Submit Claim

Children playing Roblox and using Discord?

Pre-Qualify Here

Submit Claim

File a rebate form to get a coupon, refund, rebate, or payment from this class action settlement

$4.17M RevitaLash Conditioner Settlement

Deadline: April 20, 2026

Submit Claim

$87.5M Beef Prices Settlement

Deadline: June 30, 2026

Submit Claim

Dollar General Bait & Switch Settlement

Deadline: April 13, 2026

Submit Claim

Cricket Wireless Data Breach Summary
Customers Affected	~10 million Cricket Wireless customers
Data Stolen	Call/text phone numbers, call counts, durations, cell tower IDs (May 2022 – Oct 2022 + Jan 2, 2023)
NOT Stolen	Call/text content, SSNs, DOB, financial info
How It Happened	ShinyHunters hacking group exploited Snowflake cloud accounts lacking multi-factor authentication
Breach Discovered	April 2024
Customers Notified	July 2024 (3-month delay)
Settlement	$177M combined AT&T/Cricket settlement ($28M for Snowflake breach covering Cricket customers)
Separate Cricket Settlement?	No — Cricket claims are part of the AT&T settlement only
Claim Deadline	December 18, 2025 (passed — late mail claims may be accepted)
Claims Filed	~4.38 million out of 99.7 million eligible (4.8% claims rate)
Final Approval Hearing	January 15, 2026 (held — ruling pending)
Expected Payouts	Spring 2026 (pending court approval)
Original Lawsuit	Morgan v. Cricket Wireless LLC, Case No. 1:24-cv-03253-ELR (N.D. Ga.) — consolidated into AT&T MDL