T-Mobile US has settled litigation over a cyberattack last year that compromised information belonging to an estimated 76.6 million people.
The telecom company agreed on Friday to pay $350 million and spend an additional $150 million to upgrade data security.
The preliminary settlement filed in federal court in Kansas City, Missouri, requires a judge's approval.
T-Mobile disclosed the breach last August. At first, 47 million current, former and prospective customers were thought to be affected.
The number was raised past 50 million, and T-Mobile said in November its investigation uncovered an additional 26 million people whose personal information was accessed.
T-Mobile denied wrongdoing, specifically, including accusations it had inadequate data security.
The company has said the information included names, addresses, birthdates, driver's license data and Social Security numbers.
Friday's settlement covered nationwide litigation combining at least 44 proposed class-action lawsuits.
Class members may receive cash payments of $25, or $100 in California, and some could receive up to $25,000 to cover out-of-pocket losses, settlement papers show.
They will also receive two years of identity theft protection.
John Binns, a 21-year-old American who had moved to Turkey a few years earlier, took responsibility for the hacking, The Wall Street Journal reported last August.
|TMUS||T-MOBILE US INC.||132.48||-0.71||-0.53%|
The impact of the settlement to the company's bottom line is approximately a $400 million pre-tax charge in this year's second quarter. T-Mobile said it contemplated the charge and $150 million of spending in prior financial guidance.
The settlement could be approved by December.
Reuters contributed to this report.