Last updated 2026-07-11

TL;DR
TCPA cases run $500 to $1,500 per call or text, and class actions routinely reach eight or nine figures because violations stack per recipient. The biggest losses share three patterns: calling without prior express written consent, ignoring do-not-call requests, and using autodialers on reassigned numbers. Learn those patterns and you keep your team out of court.
What is the TCPA and why does it produce so many lawsuits?
The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, passed in 1991 and created a private right of action that lets individual consumers sue for statutory damages without proving actual harm [1]. That combination, no proof of harm required plus a per-violation damage floor, is why plaintiff attorneys love the statute. A single marketing blast to 200,000 people without proper consent is not a $10,000 problem. It is a potential $100 million to $300 million problem, depending on whether a court finds willful violations that trigger treble damages.
The FCC enforces the TCPA administratively, but the real financial exposure comes from private lawsuits and class actions filed in federal district courts. Plaintiffs can stack claims: one count per call, one count per text, one count per fax. There is no cap on aggregate class damages in the statute itself, which is why courts have occasionally wrestled with due process arguments when awards look astronomically disproportionate to actual consumer harm.
For a full grounding in what the law actually covers, the TCPA basics and what TCPA means in plain English articles are worth reading first. This piece focuses on what real litigation outcomes tell you about where the risk actually lives.
What are the statutory damages in a TCPA case?
The TCPA sets damages at $500 per violation for negligent violations and up to $1,500 per violation if a court finds the defendant willfully or knowingly violated the Act [1]. These numbers have not changed since 1991, which is part of why class actions are so devastating: the underlying statute was written before mass text message marketing existed.
Here is how the math works in practice. A company sends 500,000 promotional texts without valid prior express written consent. At $500 per text, that is $250 million in potential statutory damages before any finding of willfulness. Courts have reduced outsized awards under due process grounds in some cases, but the threat alone drives most defendants to settle well before trial.
Willfulness does not require intent to break the law. Courts have found willful violations when a company received cease-and-desist letters, complaints, or prior FCC guidance putting them on notice and kept calling anyway. That distinction matters enormously for your compliance posture. Documented internal policies, consent audit trails, and scrubbing logs are evidence of good faith that can shift a case from the $1,500 bucket toward the $500 bucket, or out of litigation entirely.
For context on what current compliance obligations look like, the TCPA 2025 update covers the rule changes that affect how courts will assess willfulness going forward.
What are the biggest TCPA cases and what caused them?
The table below covers a selection of high-profile TCPA settlements and verdicts. These are real outcomes from public records and press releases; settlement amounts do not always equal admitted liability.
| Case | Year | Amount | Core Violation |
|---|---|---|---|
| Dish Network LLC (FTC/DOJ) | 2017 | $280M | Calling DNC-registered numbers, abandoned calls [2] |
| Capital One / Kforce | 2014 | $75.5M settlement | Autodialer calls to cell phones without consent [3] |
| Nationstar Mortgage | 2019 | $13M settlement | Calls to reassigned numbers [4] |
| UnitedHealthcare | 2023 | $2.5M FCC settlement | Automated calls without consent [5] |
| Albertsons/Safeway | 2022 | ~$9.5M settlement | Promotional texts without PEWC [6] |
| Cash App / Block | 2024 | Settlement | Automated texts to non-consenting users [7] |
| Truist Bank | 2023 | Settlement | Debt collection calls to wrong/reassigned numbers [8] |
The pattern across all of these is not subtle. Violations fall into three categories almost every time: (1) no valid consent or stale consent, (2) calling or texting numbers on the National DNC Registry or internal do-not-call lists, and (3) using autodialers on numbers that were reassigned to new people who never consented to anything.
Dish Network is the most instructive because the $280 million judgment came after a decade-long enforcement action where the company had actual notice of violations from the FTC and kept running its telemarketing program anyway [2]. That is willfulness in the clearest possible form.
The UnitedHealthcare $2.5M settlement and the Albertsons/Safeway case are worth reading in detail because they show how companies with compliance programs still ended up in trouble when execution gaps appeared at the operational level.
What does "prior express written consent" mean in court?
Prior express written consent (PEWC) is the consent standard required before you send promotional texts or make autodialed promotional calls to cell phones. The FCC defines it in 47 C.F.R. § 64.1200(f)(9) as a written agreement that clearly authorizes the seller to deliver calls or messages using an ATDS, identifies the telephone number to be called, and includes a clear disclosure that consent is not a condition of purchase [9].
Courts are strict about this. A checkbox buried in a terms-of-service document, pre-checked by default, has failed in multiple cases. Verbal consent captured only in a call recording has failed for texts. Generic "I agree to receive communications" language without specifying autodialed calls has failed. The FCC's 2023 one-to-one consent rule, which took effect in early 2025, makes it even harder to rely on consent gathered through lead generation aggregators, because consent must now be specific to the named seller [9].
In Spokeo, Inc. v. Robins (2016), the Supreme Court held that plaintiffs must show a "concrete injury" to have standing in federal court, which initially looked like it might shrink TCPA exposure [10]. Subsequent circuit court decisions have largely found that receiving an unwanted robocall or text is itself a concrete harm, so Spokeo did not meaningfully reduce the lawsuit volume.
For the company being sued, the burden of proving consent exists falls on the defendant, not the plaintiff. You need the actual signed consent record, the timestamp, the IP address, the specific disclosure language, and a clear audit trail linking that consent to the phone number called. If you cannot produce that, you are in a bad spot regardless of whether you genuinely believed consent existed.
The consent and opt-in fundamentals article goes deeper on what a defensible consent record looks like operationally.
How do reassigned numbers create TCPA liability?
Reassigned numbers are one of the quieter traps in TCPA litigation. When a cell number is disconnected and reassigned to a new person, any consent the original subscriber gave you dies with the old relationship. Call the new person on an autodialer and you have a fresh TCPA violation, even though you had valid consent at some point in your records.
The FCC tried to address this with the Reassigned Numbers Database (RND), which launched in 2021. The database tracks disconnected numbers so callers can scrub before dialing. Using the RND creates a safe harbor: if you scrub against it within a defined lookback period and a number appears clean, you have an affirmative defense even if the number was later reassigned [12]. Skip it, and courts and the FCC have little sympathy when you claim innocent mistake.
Nationstar Mortgage settled for $13 million in 2019 largely because it was calling numbers that had been reassigned, and it had not built any systematic process to catch those reassignments [4]. The case predated the RND, but it established that "we didn't know" is not a defense when reasonable precautions exist.
Scrubbing against the RND is not expensive or complicated. Access through the FCC portal is nominal, and most dialers can fold the scrub into their workflow. The cost of skipping it, as Nationstar's settlement demonstrates, is orders of magnitude higher.
What TCPA cases involve text message marketing specifically?
Text message cases have become the dominant growth area in TCPA litigation over the past several years. The logic is simple: texting is cheap, so companies send texts at scale, and when consent breaks down the violation count is enormous.
The Albertsons/Safeway settlement is a good example. The case involved promotional text messages sent to customers who alleged they never provided valid prior express written consent for marketing texts. The ~$9.5 million settlement covered a class of affected consumers who received texts over a multi-year period [6]. Read the full Albertsons/Safeway breakdown for the specific consent defects alleged.
Cash App faced a class action over automated texts sent to users in contexts where the plaintiffs claimed consent was insufficient or had been revoked [7]. The Cash App TCPA class action details what the settlement required and what consumers needed to do to claim funds.
The consistent thread in text cases: companies relied on opt-in consent captured years earlier, did not re-confirm consent after program changes or platform migrations, did not honor opt-out requests promptly, or sent texts to numbers obtained through co-registration arrangements without one-to-one consent tied to their specific brand. The FCC's 2023-2024 consent rules tighten all of these gaps.
If text messaging is part of your marketing mix, the text message marketing compliance guide gives you the operational checklist side of this.
What TCPA cases involve debt collection calls?
Debt collection is the highest-volume category of TCPA litigation by case count. Collectors call frequently, often use autodialers, and have historically had less rigorous consent management than marketing teams because the call is to a debtor, not a prospect. That logic does not survive legal scrutiny.
The Supreme Court's 2021 decision in Facebook, Inc. v. Duguid narrowed the definition of an automatic telephone dialing system (ATDS) to devices that use a random or sequential number generator to either store or produce numbers [11]. This was a big win for defendants because many modern predictive dialers do not use random or sequential generation; they dial from a list. Post-Duguid, some debt collection cases have been dismissed where plaintiffs could not establish the dialer met the narrowed ATDS definition.
But collectors still face exposure from calls after revocation of consent, calls to wrong numbers or reassigned numbers, calls made outside the permitted hours under state mini-TCPA laws, and calls to numbers on the National DNC Registry. Truist Bank's settlement involved calls to reassigned numbers in a debt collection context, which shows that even the narrowed ATDS definition does not solve the reassigned-number problem [8]. The Truist Bank TCPA settlement breaks down the specific allegations.
Another case worth studying: the Joseph Snyder vs. Credit One Bank matter, which shows how an individual plaintiff can bring a TCPA claim against a large financial institution and extract a meaningful recovery.
How does the FCC enforce the TCPA versus private lawsuits?
The FCC can issue citations, propose forfeitures, and enter into consent decrees. The FTC jointly enforces the Telemarketing Sales Rule, which overlaps with TCPA on many practices. FCC enforcement actions tend to move slowly and result in negotiated settlements that are often smaller than what private class actions recover.
The UnitedHealthcare $2.5 million FCC settlement is a reasonable benchmark for an FCC-led resolution of a medium-scale violation [5]. Compare that to the Capital One class action settlement at $75.5 million and you see why plaintiff attorneys are the more acute threat for most companies.
The FCC's role matters more for setting the rules that define the liability landscape than for day-to-day enforcement. FCC declaratory rulings and orders, like the 2015 Omnibus TCPA Order and the 2023 consent rule updates, establish the standards courts then apply in private litigation. A company that follows current FCC guidance in good faith is in a much better position than one that ignores FCC orders and hopes no one notices.
Keep an eye on telemarketing rules news for rule changes as they happen, because the lag between an FCC order and widespread industry awareness is where a lot of companies accidentally create new exposure.
What defenses actually work in TCPA cases?
Documented prior express written consent that you can actually produce is the strongest defense. Not a policy saying you collect consent. The actual signed record, timestamped, with the correct disclosure language, linked to the specific number called. Courts have granted summary judgment to defendants who could produce clean consent records.
The ATDS definition defense (post-Facebook v. Duguid) has worked in circuits that adopt the narrow definition. If your dialer does not generate numbers randomly or sequentially and you can prove it with vendor documentation, some claims fail at the pleading stage [11].
The established business relationship (EBR) exemption applies to residential landlines for calls to the National DNC Registry, but it does not provide the same protection for cell phones under the autodialer provisions. Many companies mistakenly believe an EBR covers everything. It does not. The TCPA existing business relationship explainer walks through exactly what the EBR does and does not protect.
Revocation of consent is now clearer since the FCC's 2024 ruling that consumers can revoke consent by any reasonable means at any time, and that companies cannot contractually restrict how a consumer revokes [9]. That ruling cut off a common defense where companies argued opt-out had to happen through a specific channel. Now, if someone texts "stop" or says "take me off your list" in any format, you have to honor it, and honoring it quickly is evidence of good faith.
The bona fide error defense under some related statutes does not apply directly to the TCPA the way it does to the FDCPA. The TCPA's willfulness standard looks at whether the defendant knew the conduct was unlawful, not whether the specific call was accidental.
How do TCPA class actions get certified and what makes them so expensive?
Class certification under Federal Rule of Civil Procedure 23 requires numerosity, commonality, typicality, and adequate representation. TCPA cases are actually easier to certify as classes than many other lawsuits because the claim is the same for everyone in the class: did the defendant call this number using an ATDS without consent? Automated records like call logs and text send records make it easy to define the class with precision.
Once a class is certified, the economics flip entirely. At $500 to $1,500 per violation, a class of 100,000 plaintiffs represents $50 million to $150 million in potential exposure. Most defendants settle at that point regardless of the merits because the downside of a jury verdict is catastrophic. Settlements are typically a fraction of potential statutory damages, but even 5 to 10 cents on the dollar is a very large number.
The settlement administration process matters too. Consumers who are class members often have to file a claim to receive their portion of the fund, which is why you see claim deadlines publicized. The Kaiser TCPA settlement claim deadline is a recent example of how these consumer claim processes work in practice.
Defendants who fight to trial are rare but not unheard of. Dish Network's $280 million judgment came after trial [2]. More commonly, defendants settle to cap exposure and avoid the reputational cost of a prolonged public fight.
What can small outbound teams do right now to avoid becoming a TCPA case?
The compliance gap between large companies and small teams is not in intent. It is in documentation. Large companies get sued because they have scale; small teams get sued because they have no records to defend themselves with. The good news is that fixing the documentation problem is not expensive.
Start with consent. Every number in your dialing list needs a documented consent record that meets the PEWC standard for cell phones: written agreement, specific disclosure that autodialed or prerecorded calls may be made, no conditioning of consent on purchase. If you bought a list and cannot trace the consent chain back to that disclosure language, stop calling those numbers.
Scrub every list before dialing. National DNC Registry scrubs are required at least every 31 days under FCC rules [9]. State DNC lists layer on top of that. The Reassigned Numbers Database scrub catches the reassigned-number problem. None of this is optional if you want a defense.
Honor opt-outs the same day. The FCC's 2024 revocation ruling means any opt-out communicated by any reasonable means starts a clock. Build a process to get opt-outs into your suppression list within hours, not days.
LeadCompliant's free tools (the DNC checker and the compliance kit at leadcompliant.com) are a reasonable starting point for small teams who need to audit their current process before they spend money on a lawyer. The kit covers the consent recordkeeping and scrubbing workflow that makes up the core of a defensible TCPA compliance program.
Document everything: your consent collection process, your scrubbing schedule, your opt-out handling, your ATDS vendor specifications. If you ever get sued, your ability to produce that documentation is the difference between a quick dismissal and a seven-figure settlement.
What should you do if your company gets a TCPA demand letter?
Do not ignore it. TCPA demand letters from plaintiff attorneys are often preludes to either settlement negotiation or a filed lawsuit. The attorney has usually already identified a named plaintiff with a viable claim and is testing whether you will settle quickly.
Get a TCPA defense attorney involved immediately. This is not a situation for general counsel who handles contracts. You want someone who has handled TCPA class actions specifically, ideally someone familiar with the circuit where you operate. If you are in Kentucky, for instance, the TCPA lawyer Kentucky resource can help you find appropriate local counsel.
Do not destroy records. Litigation hold obligations kick in when you receive a demand letter, even before a lawsuit is filed. Destroying call logs, consent records, or opt-out records at that point can turn a winnable case into a spoliation nightmare.
Pull your documentation immediately. Can you find the consent record for the person who sent the letter? Can you show your scrubbing logs? Can you demonstrate the dialer architecture to an expert who can testify it is not an ATDS under the post-Duguid definition? The faster you answer these questions, the faster your attorney can assess whether you have a defense or whether early settlement is the right move.
And honestly: if you find you cannot produce consent records, treat that as a signal to fix your compliance infrastructure across the board before more demand letters arrive.
Frequently asked questions
How much can you get from a TCPA lawsuit as a plaintiff?
Statutory damages run $500 per violation for standard violations and $1,500 per violation if the court finds willfulness. In a class action, individual class member payments from settlements are often much smaller, sometimes $20 to $150, because the fund is divided among thousands of claimants. Named plaintiffs or individuals who file their own small claims cases can recover the full per-violation amount, which is why individual TCPA suits against high-frequency callers can be lucrative.
What does it mean when a TCPA case is certified as a class action?
Class certification means a court has found the case can proceed on behalf of a group of similarly situated plaintiffs rather than just one individual. In TCPA cases, the class is typically defined as everyone who received an autodialed call or text from the defendant without consent during a defined period. Once certified, the defendant faces potential liability for every member of the class simultaneously, which is why settlement pressure increases dramatically after certification.
Did the Facebook v. Duguid Supreme Court decision help defendants?
Yes, significantly in some circuits. The 2021 Facebook v. Duguid ruling narrowed the ATDS definition to devices using a random or sequential number generator to store or produce numbers. Many predictive dialers that call from a pre-loaded list do not meet this definition, so some cases have been dismissed or not filed in the first place. It did not eliminate exposure from consent failures, DNC violations, or reassigned number problems, so overall TCPA litigation volume remains high.
What is the difference between an FCC enforcement action and a private TCPA lawsuit?
The FCC investigates TCPA violations and can issue forfeitures or negotiate consent decrees. FCC actions move slowly and tend to produce smaller penalties than private class actions. Private lawsuits, filed by individual plaintiffs or plaintiff class action attorneys, can move faster and carry much larger financial exposure because statutory damages stack across every class member. Most significant TCPA financial exposure for businesses comes from private litigation, not FCC enforcement.
Can a TCPA case be filed over a single phone call or text?
Yes. The TCPA creates a private right of action for each individual violation. A single unwanted autodialed call or text can support a lawsuit for $500 to $1,500 in statutory damages. Individual plaintiffs in small claims courts or federal court do file single-violation cases, particularly serial plaintiffs who collect damages as a personal practice. The math is simple enough that a motivated individual can make filing worthwhile without needing a class.
Does the TCPA apply to B2B calls?
The TCPA's cell phone autodialer prohibition applies regardless of whether the call is to a business or a consumer if the number reached is a cell phone registered to an individual. Business-to-business calls have somewhat narrower exposure because the National DNC Registry is primarily for residential numbers and many business lines are landlines outside the ATDS prohibition. Calling a person's cell phone in a B2B context without consent can still create liability. The TCPA B2B exemption is narrower than most sales teams assume.
How long do plaintiffs have to file a TCPA lawsuit?
The TCPA's statute of limitations is four years under the federal catch-all statute at 28 U.S.C. § 1658. Some courts have applied this uniformly; a small number of cases have looked to underlying state law limitations. Practically, four years is the number to plan around. This means call records and consent documentation need to be retained for at least four years after any contact, longer if you want a clean audit trail.
What happened in the Dish Network TCPA case?
Dish Network faced a joint enforcement action by the DOJ and FTC for massive telemarketing violations including calling numbers on the National DNC Registry and making abandoned calls. After a trial, the court entered a $280 million judgment in 2017, the largest TCPA-related judgment on record at the time. The case was particularly damaging because Dish had received extensive prior notice of violations from regulators and continued the conduct anyway, which factored into the willfulness finding.
Can you go to jail for TCPA violations?
No. TCPA violations are civil, not criminal. The penalties are statutory damages in civil court plus potential FCC forfeitures. There is no criminal prosecution track under the TCPA itself. Related conduct, like fraudulent robocall schemes, could implicate other statutes that do carry criminal penalties, such as wire fraud. For standard TCPA compliance failures in a legitimate marketing or sales operation, the exposure is entirely financial.
What is the Reassigned Numbers Database and do I have to use it?
The Reassigned Numbers Database (RND) is an FCC-maintained database of phone numbers that have been disconnected and made available for reassignment. Using it is not technically mandatory, but it provides a safe harbor: if you scrub against it and a number appears clean, you have an affirmative defense if the number was later reassigned to someone new. Not using it eliminates that defense, so practically speaking it is a necessary part of a defensible TCPA compliance program.
How do TCPA cases settle and how long do they take?
Most TCPA class actions settle before trial, often one to three years after filing. Settlement amounts are negotiated as a lump sum paid into a settlement fund, which is then distributed to class members who file claims after a court-approved notice process. Individual cases settle faster, sometimes within months of a demand letter. Settlement amounts vary enormously based on class size, strength of the consent defense, and ATDS evidence, ranging from tens of thousands for individual cases to hundreds of millions for large classes.
What is prior express written consent and how do you prove you have it?
Prior express written consent (PEWC) is a signed written agreement authorizing autodialed or prerecorded calls, identifying the phone number, and disclosing that consent is not a condition of purchase. You prove it by producing the actual signed record: a web form submission with timestamp and IP address, a signed paper form, or a recorded verbal agreement for landline purposes. The burden of proof falls on the defendant. If you cannot produce the record, courts treat it as if consent did not exist.
Are there state-level TCPA equivalents that create additional exposure?
Yes. Several states have their own laws that add requirements on top of federal TCPA rules. Florida's Telephone Solicitation Act, Washington's Commercial Electronic Mail Act provisions, and California's laws all create additional compliance layers. Some state laws are stricter on hours of calling, required disclosures, or opt-out handling. A TCPA compliance program that only looks at federal law will miss state-level exposure that plaintiff attorneys actively exploit.
Sources
- Cornell Law School LII, 47 U.S.C. § 227 (TCPA statute text): TCPA statutory damages are $500 per violation and up to $1,500 for willful violations; private right of action for consumers
- U.S. Department of Justice, United States v. Dish Network LLC (E.D. Cal. 2017 judgment): $280 million judgment entered against Dish Network for illegal telemarketing including calls to DNC-registered numbers
- Federal Trade Commission, FTC press releases and case records, Capital One TCPA class action settlement $75.5M: Capital One / Kforce TCPA class action settled for approximately $75.5 million over autodialer calls to cell phones without consent
- PACER federal court records, Albertsons/Safeway TCPA class action settlement: Albertsons/Safeway TCPA text message class action settled for approximately $9.5 million over promotional texts sent without prior express written consent
- PACER federal court records, Cash App / Block TCPA class action settlement documents: Cash App faced TCPA class action over automated texts sent without sufficient consent
- PACER federal court records, Truist Bank TCPA class action settlement: Truist Bank TCPA settlement involved debt collection calls to reassigned numbers
- FCC, Rules and Regulations Implementing the Telephone Consumer Protection Act, 47 C.F.R. § 64.1200 and 2024 Consent Revocation Order: 47 C.F.R. § 64.1200(f)(9) defines prior express written consent; 2024 FCC order requires honoring revocation by any reasonable means; National DNC scrub required at least every 31 days
- Supreme Court of the United States, Spokeo, Inc. v. Robins, 578 U.S. 330 (2016): Spokeo v. Robins held plaintiffs must show concrete injury for Article III standing, though courts have largely found unwanted robocalls constitute concrete harm
- Supreme Court of the United States, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Facebook v. Duguid narrowed ATDS definition to devices using random or sequential number generators, limiting TCPA exposure for list-based dialers