Last updated 2026-07-09

TL;DR
A TCPA lawsuit is a legal claim under 47 U.S.C. § 227 for unsolicited calls, texts, or faxes made without proper consent. Statutory damages run $500 to $1,500 per violation, and no actual harm is required. Class actions bundle thousands of claims, so one careless SMS blast can turn into a seven- or eight-figure case.
What is a TCPA lawsuit?
A TCPA lawsuit is a private legal action filed under the Telephone Consumer Protection Act, codified at 47 U.S.C. § 227 [1]. Anyone who gets an unsolicited call, text, or fax can sue the sender directly. You do not have to prove you lost money. The statute is self-executing: the right to sue is written in, and the minimum damages are fixed by law.
Congress passed the TCPA in 1991 to stop autodialers and prerecorded messages from flooding residential phones. The FCC implements it, and over the years the agency has issued dozens of orders expanding and sometimes narrowing who counts as a covered caller and what equipment qualifies as an autodialer [2]. Courts have argued over those definitions ever since.
The case that reshaped modern TCPA litigation is Facebook, Inc. v. Duguid (2021). The Supreme Court narrowed the definition of an automatic telephone dialing system (ATDS) to equipment that uses a random or sequential number generator to store or produce numbers [9]. That ruling made it harder to sue over calls placed to a specific, pre-loaded list. It did not close the door. Prerecorded message claims, do-not-call claims, and state-law claims stacked on top of the TCPA are all still alive and filed daily.
To read the full statutory text and understand what the law actually prohibits, see our TCPA overview.
What does a TCPA lawsuit actually allege?
Most TCPA complaints allege one of three things: the defendant called or texted using an ATDS or prerecorded voice without prior express written consent [1]; the defendant called a number on the National Do Not Call Registry after the consumer asked not to be called; or the defendant kept calling after the consumer revoked consent.
The consent standard depends on what you were selling. For informational or transactional messages, prior express consent is enough. For telemarketing, you need prior express written consent, which means a signed agreement (electronic signatures count) that clearly authorizes autodialed or prerecorded marketing calls to that specific number [2]. Plenty of suits start because a company bought a lead list and assumed the leads had consented, without checking how that consent was gathered.
Revocation cases keep climbing. The FCC's 2024 rules confirmed that consumers can revoke consent at any time, by any reasonable means, and callers have ten business days to stop contacting them after revocation [3]. If someone texts STOP and you send one more message before your system catches up, that is one more potential violation.
Number reassignment is another trap. You call a cell number you believe belongs to a consenting customer, but the carrier already handed that number to someone else. The new owner never consented. Courts have held callers liable in exactly this spot. The FCC built a Reassigned Numbers Database so callers can check first, though many teams still skip it [4].
How much does a TCPA lawsuit cost per violation?
Statutory damages under 47 U.S.C. § 227(b)(3) are $500 per violation for negligent violations and up to $1,500 per violation if the court finds the violation was willful or knowing [1]. There is no per-plaintiff cap in an individual suit. Courts generally treat each call or text as its own violation.
Run the math. Send a single SMS blast to 200,000 numbers without adequate consent, and if just 1 percent of recipients sue, that is 2,000 potential plaintiffs each claiming $500 to $1,500. The arithmetic turns ugly fast.
Individual TCPA cases rarely reach trial. They settle. Average individual settlements are hard to pin down because most stay confidential, but publicly reported class action settlements give you the scale. UnitedHealthcare settled TCPA claims for $2.5 million (see our coverage of the UnitedHealthcare TCPA settlement). The Truist Bank TCPA class action settlement and the Credit One TCPA settlement both climbed into eight figures. The Albertsons/Safeway TCPA settlement and the Cash App TCPA class action show the same shape across different industries: the settlement almost always dwarfs whatever revenue the campaign brought in.
Litigation costs pile on top of statutory damages. Defense counsel for a contested TCPA case can run $50,000 to $300,000 before trial, depending on complexity. Many defendants settle early to dodge that bill, which is exactly why plaintiff attorneys file these cases.
How does a TCPA class action lawsuit work?
A TCPA class action starts the same way an individual case does. One plaintiff files a complaint alleging they got an illegal call or text. The difference is the complaint also carries class allegations, claiming the defendant violated the TCPA the same way toward a large group of similar people.
The plaintiff then files a motion for class certification under Federal Rule of Civil Procedure 23. To certify a class, the court has to find that the class is large enough, that common questions of law or fact predominate, and that the named plaintiff can adequately represent everyone. TCPA cases fit class treatment well because the alleged conduct (a single blast, a shared autodialer) tends to hit large numbers of people in an identical way.
Once a class is certified, the defendant faces combined statutory damages across every member. That is where the numbers turn existential. A class of 100,000 with valid $500 claims totals $50 million. A class of 100,000 with willful violations totals $150 million. Courts can reduce clearly excessive awards, but they do not always do it.
The TCPA class action market runs on a well-organized plaintiffs' bar. Attorneys file complaints fast after a bad campaign surfaces, sometimes within weeks of the blast. They find plaintiffs through social media posts or by keeping lists of consumers who want to be told when suits get filed against companies that contacted them. This is not theoretical. The WebRecon TCPA litigation index has tracked thousands of TCPA cases filed in federal courts every year [5].
For a concrete example of how these cases resolve, the Kaiser TCPA settlement shows the claim process from the consumer side.
What triggers a TCPA lawsuit most often?
The most common triggers, in rough order of how often they show up in filed complaints, are the following.
Calling or texting without documented prior express written consent. Lead generation is the biggest hazard here. If you bought leads from a vendor, you need a chain of documentation showing the lead opted in specifically to receive calls from you, by autodialer or prerecorded message, for telemarketing. A generic privacy policy or a checkbox saying "I agree to terms" does not clear the bar [2].
Ignoring or misprocessing opt-outs. The simplest case: someone texts STOP and keeps getting messages. CRM integrations fail, suppression lists do not sync, or a fresh upload overwrites existing opt-outs. These are the cases that feel awful in deposition.
Calling numbers on the National Do Not Call Registry. The DNC rules under the TCPA and the FTC's Telemarketing Sales Rule prohibit calling registered numbers for telemarketing without a prior business relationship or written consent [6]. You have to scrub your call list against the registry at least every 31 days [6].
Reassigned numbers. You had consent from the original subscriber, but the number changed hands. The new subscriber sues.
Abandonment and call frequency violations. For predictive dialers, if more than 3 percent of answered calls over a 30-day period are abandoned (the caller drops off without connecting a live agent within 2 seconds of the called person's greeting), that is an FCC violation and possible TCPA exposure [7].
Small teams often trip themselves by scaling a campaign faster than their compliance setup can keep up. A clean process for 1,000 contacts a month can break at 50,000.
Who gets sued most, and which industries face the highest risk?
TCPA suits land across industries, but a handful of sectors show up again and again in the case law and settlement news: financial services, healthcare, retail, insurance, home services, and lead generation networks.
Financial services and healthcare account for a lopsided share of large settlements, partly because they call at high volume and partly because their contact lists carry tangled consent histories. The Credit One and UnitedHealthcare cases are typical. Retailers running loyalty program SMS campaigns, like Albertsons/Safeway, prove that even consumer brands with known customers can face class actions if they text without proper consent records.
Lead generation networks deserve their own paragraph. The FCC's 2024 one-to-one consent order aimed straight at lead gen by requiring consent for one company at a time, not bundled across a network of buyers [3]. A lead that opted in on a comparison site's form used to be legal fuel for dozens of downstream callers. After the effective date (January 27, 2025 for most provisions), each buyer in that network needs its own documented consent. That shift will drive a new wave of litigation as old consent practices get tested in court.
Small teams often assume they are too small to be targeted. That is wrong. Plaintiff attorneys run software that pulls every number in a blast, cross-references it against consent records, and hunts for quick settlements. A small company with no legal budget and a shaky lead list is an easy payday for a plaintiff firm.
What defenses actually work in a TCPA lawsuit?
The defenses with real traction are: documented prior express written consent; no ATDS was used (post-Facebook v. Duguid); an established business relationship (narrow, only for DNC claims, not autodialer claims); and the called party is not a consumer (a business landline, for example).
Documented consent is the most reliable of the bunch. If you can produce the opt-in record, the timestamp, the IP address, the form text, and proof that the number submitted matches the number called, you have a strong hand. "The lead vendor told us the leads were consented" is not a defense. You own the consent you rely on [2].
The ATDS defense has held up since 2021 for campaigns dialing from a pre-loaded, static list using click-to-dial or any system that does not generate numbers randomly [9]. Prerecorded message claims do not require an ATDS at all, so if you used a prerecorded voice, that defense does nothing for the prerecorded message count.
A common carrier defense does not save the entity that initiates the call. If you hired a dialer to make calls for you, you are the initiating party, and you carry the liability.
Some defendants try to push consumers into arbitration under a consumer agreement. That can work if the clause is enforceable and covers TCPA claims, but courts read these clauses closely, and some have tossed them as unconscionable or for weak notice.
Honest answer: without clean consent documentation, your choices shrink to settlement talks. The question becomes how much, not whether.
How do you document consent well enough to win, or at least settle lower?
Good consent documentation has six parts: the form or landing page that collected consent (with the exact disclosure language visible); the timestamp; the IP address; the consumer's name and phone number as submitted; the URL of the form page; and the specific name of the company the consent went to.
The disclosure language carries a lot of weight. The FCC requires consent to autodialed or prerecorded telemarketing calls to be clear and conspicuous, not buried in terms of service [2]. A checkbox next to language like "By submitting this form, you agree to receive automated marketing calls or texts from [Company Name] at the number provided. Message and data rates may apply. Consent is not a condition of purchase" is the template most attorneys reach for.
Store consent records in a system that is tamper-evident and time-stamped. When discovery hits, you have to produce those records. Spreadsheets are bad. A CRM or consent management platform with audit logs is far better.
For ongoing SMS programs, keep one suppression list as the single source of truth across every sending platform. Sync it after every opt-out, not on a nightly batch. See our guides on text message marketing and text messaging marketing for setup steps.
LeadCompliant offers a free consent record checker and a one-time compliance kit that walks through documentation requirements. It earns its keep if you are building a consent workflow from scratch and want a checklist instead of a law firm invoice.
Scrub your lists against the National DNC Registry. You access it through the FTC's official subscription program [6]. Third-party scrubbing tools are fine as pass-throughs, but the underlying data has to come from the registry itself.
What happens after a TCPA lawsuit is filed against you?
First, you get served with a complaint. Read it carefully. It identifies the named plaintiff, the alleged class (if it is a class action), the specific calls or texts at issue, and the legal theories.
You have 21 days to respond if you were served, or up to 60 days in some courts (check the scheduling order). Hire a TCPA defense attorney right away. This is not a spot where you respond yourself or wait to see if the plaintiff is serious. Plaintiff attorneys file because these cases pay. They are always serious.
Your attorney will want your call records, consent records, dialer configuration, and vendor contracts immediately. If your records are a mess, say so early. Spoliation (destroying or failing to preserve evidence once litigation is reasonably anticipated) creates real problems and can bring sanctions.
Most TCPA cases settle before class certification. The dynamics run one way: plaintiff attorneys want a quick settlement with fees, defendants want to avoid certification. That shared interest opens a settlement window, usually in the first 6 to 18 months. Amounts hinge on your consent documentation, the size of the alleged class, and whether violations were willful.
If you are in a specific region and need a starting point, look at jurisdiction-specific TCPA counsel. Our article on finding a TCPA lawyer in Kentucky shows what to look for generally, even if you are somewhere else.
What are the biggest TCPA class action settlements on record?
The largest publicly reported TCPA class action settlements show the ceiling on exposure. Below is a selection of notable cases with approximate settlement amounts. Many settlements include cy pres payments or claim-dependent distributions, so the headline number does not always equal cash paid to consumers.
| Company | Approximate Settlement | Year Finalized | Primary Allegation |
|---|---|---|---|
| Papa John's | $16.5 million | 2012 | Unsolicited marketing texts |
| Capital One | $75 million | 2015 | Autodialed debt collection calls |
| AT&T | $45 million | 2015 | Unauthorized texts |
| Bank of America | $32 million | 2015 | Automated calls without consent |
| Nationstar Mortgage | $8 million | 2018 | Autodialed calls |
| UnitedHealthcare | $2.5 million | 2023 | Automated calls without consent |
| Albertsons/Safeway | Undisclosed | 2023 | Unsolicited SMS marketing |
These figures come from public court records and press releases. The Capital One $75 million case settled under the name In re Capital One TCPA Litigation [8]. The Papa John's $16.5 million settlement resolved claims over unsolicited marketing texts in Agne v. Papa John's International [11]. These are not outliers. They are a pattern.
The Joseph Snyder v. Credit One case and the broader Credit One TCPA settlement are worth reading if your business does any debt-related outreach, because the consent and revocation issues there run through the whole industry.
How do the FCC's 2024 consent rules change TCPA lawsuit risk?
The FCC's December 2023 Report and Order (FCC 23-107), effective January 27, 2025 for most provisions, made two changes that directly raise lawsuit risk for outbound teams [3].
First, the one-to-one consent requirement. A consumer's opt-in on a lead generation form now covers one named company, not a shared list of lead buyers. If you buy leads from a comparison site or affiliate network, the consent the consumer gave that site does not reach you unless your company is named. The FCC's order states that consent "may not be obtained through a consent form that bundles multiple sellers." Many lead programs that ran through 2024 are now presumptively non-compliant.
Second, real-time revocation. Consumers can revoke consent by any reasonable means (reply text, voicemail, a verbal request on a call), and callers have ten business days to stop. That is tighter than many teams operate, especially anywhere opt-outs still get processed by hand.
The one-to-one rule will likely produce a wave of litigation across 2025 as plaintiff attorneys test whether lead buyers updated their consent chains. If you buy leads, get written representations from your vendors that consent was collected under the new standard, and audit a sample of your consent records before the calls go out.
How do you avoid a TCPA lawsuit without stopping all outbound calling?
You do not have to stop calling. You have to call the right people, the right way, with the right documentation.
The practical checklist:
1. Use only leads with documented prior express written consent that names your company specifically, was collected after January 27, 2025, and includes the required disclosure language. 2. Scrub every list against the National DNC Registry within 31 days of calling [6]. Scrub against your own internal do-not-call list on the same pass. 3. Check the FCC's Reassigned Numbers Database before dialing any cell number that has sat in your system for more than 90 days [4]. 4. Honor opt-outs within 10 business days. Automate this wherever you can. 5. Do not use prerecorded voices for telemarketing without explicit written consent, full stop. 6. Tune your dialer to stay under the 3 percent call abandonment threshold [7]. 7. Document everything. Consent records, scrub logs, opt-out processing logs. If you get sued, those records are your only real defense.
For teams running any volume of outbound SMS, the risk math shifts, because texts create written proof of contact that is trivial to screenshot and attach to a complaint. Our how to stop robocalls guide covers what consumers experience on the other side of your calls, which helps you calibrate your approach.
LeadCompliant's free TCPA tools let you cross-check key compliance thresholds and generate a documentation checklist. Running through it before a launch takes 20 minutes and costs less than the first hour of defense counsel.
Frequently asked questions
What is a TCPA lawsuit and who can file one?
A TCPA lawsuit is a private legal claim under 47 U.S.C. § 227 alleging that a caller or texter broke federal telemarketing restrictions. Any individual who got an unsolicited autodialed call, prerecorded message, or marketing text without proper consent can file one. No actual damages are required. Statutory damages of $500 to $1,500 per violation apply automatically.
How much can a TCPA lawsuit cost a small business?
Statutory damages are $500 per negligent violation and up to $1,500 per willful violation, with each call or text counting separately. A small SMS campaign to 10,000 unconsented numbers could generate $5 million in statutory exposure. Add defense fees of $50,000 to $300,000, and most small businesses settle well before trial. The settlement amount turns on the quality of your consent documentation.
What is a TCPA class action lawsuit and how does it differ from an individual suit?
A TCPA class action bundles thousands of claims from similarly situated plaintiffs into one case. One named plaintiff sues on behalf of everyone who got the same allegedly illegal calls or texts. If the court certifies the class, damages multiply across every member. Individual suits cap exposure at one plaintiff's claims. Class actions can reach eight or nine figures from a single campaign.
Do I need to cause actual harm for someone to sue me under the TCPA?
No. The TCPA creates a private right of action for statutory damages regardless of actual harm. The Supreme Court addressed standing in TransUnion v. Ramirez (2021), which tightened requirements for some federal claims, but courts have generally found that receiving an unwanted call or text is itself a concrete injury sufficient for TCPA standing.
Can I be sued for texts sent by a third-party vendor or lead gen partner?
Yes. The FCC has held that companies can face vicarious liability for TCPA violations by vendors acting on their behalf, under agency principles. If you hired a dialer or lead gen company that made illegal calls to drive leads to you, and you had knowledge or control over the conduct, courts can hold you liable. Vendor contracts and audit rights matter here.
What is prior express written consent under the TCPA?
It is a signed agreement, written or electronic, in which the consumer clearly authorizes autodialed or prerecorded telemarketing calls or texts to a specific phone number. The authorization must be clear and conspicuous, name the specific companies that may contact the consumer (post-January 2025), and note that consent is not a condition of purchase. A generic terms-of-service checkbox does not count.
How long does a TCPA lawsuit take to resolve?
Individual suits often settle within 6 to 18 months. Class actions run longer, typically 2 to 4 years from filing to final settlement approval, because certification briefing and discovery eat time. Cases that reach trial are rare. Most defendants settle once a class is certified or when the certification briefing makes the potential exposure clear.
Does the TCPA apply to business-to-business calls?
The TCPA's autodialer restrictions apply to calls to any telephone number, including business numbers, but the DNC Registry rules apply only to residential subscribers and wireless numbers used for personal purposes. Courts have sometimes limited damages in pure B2B contexts, but calling cell phones that belong to business contacts with autodialers stays legally risky because cells are covered regardless of purpose.
What changed about TCPA consent rules in 2024 and 2025?
The FCC issued a Report and Order in December 2023 (FCC 23-107), effective January 27, 2025, requiring one-to-one consent: each lead gen opt-in may authorize only one named company, not a list of buyers. The order also requires callers to honor revocation within 10 business days through any reasonable means. Lead buyers using shared consent pools from before January 2025 now face significant exposure.
Is there a statute of limitations on TCPA lawsuits?
Yes. The TCPA does not specify its own limitations period, so federal courts apply the most analogous rule. Most courts have applied a 4-year period under the federal catch-all statute (28 U.S.C. § 1658) for cases filed in federal court. Some state courts apply shorter periods. Old campaigns can still generate suits years later if the calls fall within the limitations window.
Can I arbitrate a TCPA claim instead of going to court?
Possibly. If you have an enforceable arbitration agreement with the consumer that clearly covers TCPA claims, courts often compel arbitration. This can block class actions because class arbitration waivers are generally enforceable under the Federal Arbitration Act. But the agreement must be properly formed and adequately disclosed. Courts read TCPA arbitration clauses closely and have rejected some as unconscionable.
What records should I keep to defend against a TCPA claim?
Keep the consent form or landing page with disclosure language, the timestamp and IP of the opt-in, the phone number as submitted, the URL of the opt-in page, the company name displayed at opt-in, your DNC scrub logs with dates, your opt-out processing logs, and your dialer configuration records. Retain all of it for at least 4 years. A CRM with audit logs beats a spreadsheet by a mile.
Are TCPA violations criminal?
No. TCPA violations are civil, not criminal. There is no jail time. The risk is financial: statutory damages per violation, potential class action aggregation, and attorney fee awards. Some related conduct, like fraudulent robocalls or spoofing caller ID, can trigger separate criminal statutes (TRACED Act, wire fraud), but plain TCPA violations are a civil matter between private parties, plus possible FCC enforcement.
What is the FCC's role in TCPA enforcement versus private lawsuits?
The FCC can enforce the TCPA through administrative proceedings and civil fines, separate from private litigation. FCC fines can be large (the agency has proposed fines over $100 million in some spoofing cases), but FCC enforcement moves slower and happens less often than private suits. The private right of action is what keeps TCPA litigation so active: plaintiff attorneys profit directly, so they file constantly.
Sources
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: Statutory text establishing private right of action and $500/$1,500 per-violation damages for TCPA claims
- FCC, Reassigned Numbers Database (reassigned.us): FCC Reassigned Numbers Database available for callers to check whether a number has been reassigned before calling
- WebRecon LLC, TCPA Litigation Tracker: TCPA case filing volume tracked in federal courts annually
- FTC, National Do Not Call Registry, Telemarketing Sales Rule 16 C.F.R. Part 310: Requirement to scrub call lists against the DNC Registry at least every 31 days; prohibition on calling registered numbers for telemarketing
- U.S. District Court N.D. Illinois, In re Capital One TCPA Litigation, No. 12-cv-10064: Capital One $75 million TCPA class action settlement, finalized 2015
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition to equipment using random or sequential number generator to store or produce numbers
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: FTC TSR provisions overlapping with TCPA on DNC compliance and consent requirements for telemarketing
- PACER/CourtListener, Agne v. Papa John's International, No. 10-cv-01139: Papa John's $16.5 million TCPA class action settlement for unsolicited marketing texts