Subscribe To Our Newsletter
Financial giant Fidelity Investments has agreed to a $2.5 million class action settlement resolving allegations that it failed to secure sensitive client data during an August 2024 network intrusion. Impacted consumers can secure two years of credit monitoring or up to $5,000 in fraud reimbursements by submitting a claim form before July 27, 2026.
Fidelity Investments will pay $2.5 million to resolve a class action lawsuit over a 2024 data breach that exposed the private financial details and identity records of tens of thousands of customers nationwide. The financial services giant agreed to the multi-million dollar settlement following allegations that it failed to maintain basic cybersecurity safeguards, leaving consumers exposed to an ongoing risk of fraud and identity theft.
The deal offers affected everyday people substantial financial compensation, including cash payouts of up to $5,000 for documented losses and free credit monitoring services. If you received a formal data breach notification letter from Fidelity regarding a security incident that occurred in August 2024, or if your banking details were exposed during that period, an important deadline is approaching to secure your benefits.
The class action lawsuit stems from an unauthorized network intrusion that took place over a three-day window in the summer of 2024. According to court records, an unauthorized third party successfully breached Fidelity’s computer network between August 17 and August 19, 2024, by submitting fraudulent requests to an internal database through newly established customer accounts.
Plaintiffs in the lawsuit alleged that the data security incident was entirely preventable. The legal complaint argued that Fidelity failed to implement reasonable, industry-standard cybersecurity measures that could have detected or blocked the fraudulent database queries. Furthermore, court documents show that the company waited nearly two months before notifying affected consumers that their financial profiles had been accessed, leaving victims unaware that their data was potentially circulating on the dark web.
The scope of the exposed information is particularly troubling for affected consumers because it involves data used to control personal bank accounts. Legal filings reveal that the cyberattack compromised sensitive, high-risk customer data, including full names, Social Security numbers, driver’s licenses, and physical home addresses.
Crucially, the hackers also managed to view and obtain financial account numbers and routing numbers. When data of this nature falls into the hands of cybercriminals, it provides them with the exact tools needed to orchestrate sophisticated bank fraud, drain personal accounts, or establish fraudulent credit lines under a victim’s name. This high level of risk is what prompted affected consumers to take legal action to hold the company accountable.
The legal action against Fidelity relies on a combination of strict consumer protection statutes and state privacy laws. Plaintiffs asserted that the financial institution’s failure to safeguard its data infrastructure constituted negligence and breached the implicit contract it held with account holders to protect their financial information.
The lawsuit also leveraged specialized state rules, such as the California Consumer Privacy Act (CCPA). This legislation mandates that businesses must maintain reasonable security procedures to protect consumer data, granting citizens the right to seek statutory damages if a company’s negligence results in a preventable data breach. By invoking these strict privacy frameworks, the lawsuit successfully pressured the financial giant into establishing a substantial compensation fund.
To help victims recover from the financial fallout of the cyberattack, the settlement provides a structured reimbursement tier for documented monetary losses. Eligible class members can submit a claim to receive up to $5,000 for actual out-of-pocket expenses incurred as a direct result of the data breach.
This reimbursement category covers a broad range of damages suffered between August 17, 2024, and July 27, 2026. You can claim compensation for unreimbursed fraud losses, identity theft damages, fees paid to credit repair professionals, costs for freezing or unfreezing credit reports, and miscellaneous expenses like postage or notary fees. To qualify for this tier, you must submit supporting third-party proof, such as receipts, bank statements, or official correspondence.
Recognizing that many victims spend significant personal time managing a breach even if they don’t lose direct funds, the settlement includes a proof-free cash option. All eligible class members can skip the documentation process and apply for a standard pro rata cash payment. This baseline payout is currently estimated to be around $100, though the final check amount could fluctuate depending on how many total people file valid claims.
Additionally, the settlement features an extra benefit designed specifically to satisfy localized privacy statutes. Class members who are residents of California can claim an additional $50 payment tied directly to the CCPA allegations brought against the company. This state-specific rebate can be claimed on top of the standard cash payout, and it requires no receipts or proof of identity theft to qualify.
Beyond standard cash payments, the settlement fund will provide participants with essential tools to secure their financial identities moving forward. All settlement class members can choose to enroll in two years of comprehensive, one-bureau credit monitoring and identity theft protection services through the claims process.
This security coverage includes active monitoring for dark web postings, suspicious high-risk transactions, and unauthorized credit inquiries. Crucially, the protection service comes backed by a $1 million financial fraud and identity theft insurance policy. This insurance helps cover the immense legal and professional costs associated with restoring your name if a criminal uses your stolen data to commit fraud in the future.
The gross $2.5 million settlement fund established by Fidelity will be used to resolve all aspects of the multi-district litigation. Before payments are mailed to everyday consumers, the fund will be utilized to settle court-approved administrative costs, notice expenses, and legal awards.
Per the terms of the proposal, class action attorneys can request up to 33.3% of the fund to cover legal fees, which equates to roughly $833,000, plus reimbursement for reasonable out-of-pocket litigation expenses. The named plaintiffs who initiated the lawsuit will also receive service awards for their efforts on behalf of the public. Every dollar remaining in the net fund will be dedicated strictly to paying out consumer cash claims and funding the identity theft insurance policies.
The criteria for joining this legal resolution cover individuals across the United States who had their private account information exposed. You may be eligible to participate in the settlement if you reside in the U.S. and received a data breach notification letter from Fidelity informing you that your personal information was compromised during the August 2024 security incident.
The settlement specifically covers approximately 77,000 individuals who were directly notified by the firm. Furthermore, court documents indicate that an estimated 86,000 additional customers whose bank account and routing numbers were exposed during the breach window may also be eligible to collect benefits, even if they did not receive a direct physical letter. If you have joint accounts, note that only one claim is permitted per compromised account number.
To secure your share of the $2.5 million fund, you must take active steps to complete a claim form. The fastest and most efficient way to submit your request is online by visiting the official court-approved portal at FidelityDataSettlement.com. To log into the secure server, you will need the unique Login ID and PIN located on the physical notice packet mailed to your home.
If you misplaced your notice or never received one, you can contact the settlement administrator directly at info@FidelityDataSettlement.com to request your unique credentials by providing your full name and mailing address. Alternatively, you can download a paper PDF claim form from the site and mail it to: Fidelity Data Security Incident Settlement, c/o Settlement Administrator, P.O. Box 25226, Santa Ana, CA 92799. All forms must be submitted online or postmarked by the firm deadline of July 27, 2026.
When participating in data breach litigation, staying aware of the court’s strict calendar is vital. While the deadline to file a claim is July 27, 2026, the deadlines to formally object to the deal or opt out entirely to preserve your individual right to sue Fidelity independently passed on June 26, 2026.
The federal court held a formal Fairness Hearing in Massachusetts on July 9, 2026, to review the overall structure of the agreement and determine if the $2.5 million layout is fair, reasonable, and adequate for consumers. Because the legal process requires final authorization and must allow time for potential appeals to resolve, checks will not be distributed immediately. Cash payments and credit monitoring registration codes will be sent out once the final approval order is fully finalized by the judge.
New cases and investigations, settlement deadlines, and news straight to your inbox.