With more business being handled exclusively online, data breaches are becoming more common and affecting more Americans daily. As major data breaches increase, legal actions against these incidents and class action settlements for victims are also rising.
Data breaches occur when unauthorized individuals access confidential, financial, or personal information to sell it or exploit victims financially. They can involve individuals, businesses, or government entities through common causes like social engineering attacks, vulnerable networks, insider leaks, skimming, or lost and stolen devices.
Below, we explain how settlements work, how to check eligibility, and what to expect when you file a claim.
Several warning signs, like suspicious account activity, indicate your data has been compromised. Official notification requirements vary by state and the facts of the breach; some people first learn of it from media coverage rather than direct notice. In some cases, the alert may arrive years after a breach occurs, often through email or mail.
Large breaches are often handled as class actions, allowing affected people with similar claims to proceed together. In these cases, available compensation can include documented out-of-pocket losses and, where applicable, other damages permitted by the settlement or law.
Class action settlements also allow those who did not file their own lawsuit to obtain benefits provided under the settlement, unless they purposefully excluded themselves from the settlement class by the deadline.
After a data breach, companies that experience security lapses may resolve the issue by settlement without admitting wrongdoing, although they must agree to a set amount for which they will reimburse victims.
When pursuing a data breach claim, you must provide evidence of the harm caused by the data breach. Evidence can include proof of the breach, like notification from the company about the breach, evidence of your compromised information, proof of financial harm, like fraudulent transactions, and communications with the company responsible for the data compromise.
New high-profile data breach settlements have allowed victims to recover damages for difficulties they experienced when their personal information was accessed through cyberattacks or unauthorized third-party access.
These major breaches across industries—credit reporting, telecom, health plans and providers, and nonprofit services—illustrate how relief can vary from case to case. Typical benefits may include cash reimbursement for documented out-of-pocket losses, time compensation, credit-monitoring/identity-theft services, and, in some matters, business-practice changes.
Equifax announced it experienced a data breach in September 2017, which impacted about 147 million people, exposing Social Security numbers, addresses, names, and dates of birth.
The consumer claims period closed in January 2024, with reimbursement up to $20,000. Per the settlement, free identity restoration services remain available until January 2029.
The company agreed to pay at least $575 million, possibly up to $700 million, after failing to secure its network before the breach.
In March 2024, AT&T experienced a data breach, leaking the sensitive personal information of 7.6 million current and 65.4 million former customers.
AT&T also experienced another data leak four months later. Victims of the first and second data breaches can file as first or second settlement class members.
If you can provide documentation that your losses can be traced to either the data incident in March or April 2024, you can submit a claim. Separate claim categories are tied to the March and April 2024 incidents; documentation must match the relevant incident. For first settlement classes, you can submit for a cash payment up to $5,000 for losses; second settlement classes may submit for cash payments up to $2,500.
The deadline to submit a claim is November 18, 2025, and it must be submitted by mail or the settlement website. Always confirm current deadlines and requirements on the official settlement website.
Great Expressions Dental Centers, a chain of dental practices in nine states, experienced a data breach in February 2023, exposing nearly 2 million patients’ personal information. After a cyberattack, hackers had access to patient data for six days, including basic personal information, billing records, financial accounts, credit card information, and medical history.
The deadline to submit a claim was November 8, 2024.
If your Social Security number was leaked in the breach, victims were entitled to a cash payment up to $500 and claims for out-of-pocket losses. Payments were capped at $300,000.
Victims of the breach could claim up to $500 for out-of-pocket losses if their Social Security numbers were not leaked in the Great Expressions Dental Centers settlement.
In April 2023, a cyberattack directed at Harvard Pilgrim Health Care allowed patients’ personal files, including personal, insurance, and medical information, to be accessed. Using ransomware, hackers obtained nearly 3 million patients’ data.
The deadline for this settlement was August 25, 2025. A settlement of $16 million has been agreed to, with victims able to claim up to $2,500 for expenses related to the breach, or up to $35,000 for those who experienced significant losses due to the data breach.
After a data breach in 2021, T-Mobile agreed to a $350 million settlement for consumers, with payments to begin after final approval and processing. The breach affected 76 million U.S. customers, exposing their personal information and selling their data on the dark web.
T-Mobile also committed $150 million to improve its cybersecurity practices and measures following the breach and settlement.
Nearly a year after a January 2022 data breach, Heartland Alliance disclosed the breach to impacted consumers in December 2022. Files containing patients’ medical history and information, billing and payment information, Social Security numbers, dates of birth, and names were stolen.
A settlement was reached, allowing class action lawsuit members to claim up to $6,000 in compensation for documented losses, and provides two years of credit monitoring and identity theft insurance.
If you were affected by the Heartland Alliance data breach, you must submit your claim online by October 30, 2025, or mail it with a postmark by that date.
Typically, if your information was compromised in a specific data breach, you are eligible for that settlement.
Determining if you are eligible for a settlement after a data breach depends on the breach’s circumstances and the settlement terms. You would be eligible to pursue a data breach lawsuit if a company’s negligence was responsible for the breach. Typically, they will settle the case, agreeing to payouts for those impacted, without needing to admit responsibility.
If the company has agreed to a settlement, there will usually be a website dedicated to the class action lawsuit and settlement, where you can see the qualifications for class members. The Federal Trade Commission also tracks active refund programs.
You would also be eligible if you received a data breach notification from the company in the mail. You can also verify your eligibility for the settlement by contacting the settlement administrators.
You can join a class action lawsuit and file a claim in a data breach settlement to receive compensation after a consumer data breach. Every class action lawsuit has specific deadlines for victims to file a claim, depending on when the breach occurred, and these can be found on official settlement websites.
If a class action lawsuit has already been filed against a company for a data breach, you can file a claim if your data was compromised, following the steps below.
Once you decide to file a claim after a data breach, gather all information regarding the data breach you have. This can include the official notification you received of the breach, related news articles, any evidence of your compromised data, like screenshots, and proof of financial or emotional harm, like proof of fraudulent transactions or identity theft.
If you are eligible, you can file a claim form through the settlement administrator’s website or contact the administrator directly for a paper claim form to fill out and mail in. Follow the exact instructions provided by the settlement administrator, and be sure to submit the claim before the filing deadline, or mail and postmark your mail-in form before the deadline. If mailed, keep a copy and proof of mailing.
After submitting your claim, you will be given a claim number and contacted with a decision regarding your claim’s status before receiving the benefits with other class members. You can contact the administrator for status updates on the claim, but payouts begin after the settlement is final.
After your data is breached, it can help to discuss your situation with a lawyer or firm that has handled data breach settlements before and class action lawsuits. Having a law firm experienced in class actions will represent your interests and other class members.
Data breaches can hurt victims’ finances, reputations, and emotional health. Compensation may be available, and a data breach lawyer can advise you on your next steps and provide you with all the options available and avenues of compensation.
Pursuing a data breach settlement through a class action lawsuit can hold companies responsible and assist you in recovering damages caused by these breaches.
Class Action U’s mission is to help victims of data breaches by providing information on lawsuits, education, and assistance in researching and joining class actions or finding representation. We are dedicated to empowering data breach victims throughout the legal process and providing resources to connect them with skilled attorneys experienced in class action lawsuits.
If you believe you may be a victim of a data breach, contact Class Action U and we’ll connect you with a class-action lawyer. There’s no cost to reach out and no obligation after you speak with us. Don’t stand alone—join the class.
"*" indicates required fields
©2024 ClassActionU
