Subscribe To Our Newsletter
Subscribe To Our Newsletter
Doxim, Inc., a prominent third-party financial services provider for credit unions, has agreed to a $5.5 million settlement to resolve a class action lawsuit over a devastating data breach.
The lawsuit was filed after a security incident occurred on or about December 30, 2023. Doxim operates as a critical backend service provider for various financial institutions, handling sensitive tasks like preparing account statements and tax documents for credit union clients such as Beacon and Credit Union ONE. Because of this arrangement, when Doxim’s systems were compromised, the private records of everyday people who belong to these credit unions were left vulnerable to malicious actors.
The plaintiffs in the class action lawsuit alleged that Doxim did not maintain reasonable digital safeguards to protect consumer data. Instead of properly locking down its servers, the company allegedly allowed a massive security gap that hackers were able to exploit. The lawsuit argues that because consumers trusted their local credit unions with their financial livelihoods, Doxim had a strict legal and ethical obligation to protect that data from unauthorized access.
The road to holding Doxim accountable has reached a major milestone for affected consumers. On June 5, 2026, a federal court granted preliminary approval to the $5.5 million settlement agreement, signaling that the legal framework for consumer compensation is officially in motion.
While this preliminary approval is a massive victory, the legal process requires one final check. The court has scheduled a final approval hearing for October 28, 2026, where the judge will review the overall fairness of the deal. It is important for consumers to know that no settlement money or benefits will be distributed until after the judge grants final approval and any potential legal appeals are fully resolved.
When a financial services provider that processes tax forms and bank statements suffers a data breach, the exposed information is incredibly sensitive. The Doxim security incident involved exactly the type of data that identity thieves look for on the dark web.
According to court documents, the private information that may have been impacted in the December 2023 breach includes full names, mailing addresses, financial account numbers, and Social Security numbers. This combination of data is highly dangerous; with access to a person’s name, financial account details, and Social Security number, cybercriminals can easily open fraudulent credit lines, drain bank accounts, or commit sophisticated tax fraud.
If your personal information was compromised in this breach, you may be eligible to receive substantial financial compensation. The $5.5 million settlement offers two primary options for cash payouts, depending on how much the breach disrupted your life.
First, class members who experienced direct financial harm can submit a claim for up to $5,000 in out-of-pocket losses. This tier is designed to reimburse you for real-world expenses that are traceable to the data breach. Covered expenses include costs resulting from identity theft or fraud, the cost of purchasing credit reports, fees for credit monitoring services, professional fees (such as hiring an accountant or attorney to fix identity issues), postage, and other related expenses. To successfully secure an out-of-pocket loss payment, you must submit proof of your losses, such as receipts, bank statements, or invoices.
Recognizing that many everyday people suffer from data breaches without necessarily having thousands of dollars in documented financial damage, the settlement includes a simplified secondary option.
If you do not have receipts or proof of fraud but still want to hold the company accountable, you can choose to file a claim for an estimated $100 cash payment. This alternative cash payout requires no proof of loss whatsoever. However, consumers should be aware that the final value of these cash payments—both the $100 flat payout and the $5,000 out-of-pocket cap—may increase or decrease. The final amounts will depend entirely on how many eligible class members step forward to file a valid claim. Additionally, all class members can submit a claim to receive one full year of complimentary credit monitoring services, which includes robust identity theft insurance.
The legal action against Doxim highlights the critical responsibilities placed on third-party vendors under modern data privacy frameworks. When major financial entities outsource data processing to companies like Doxim, those third parties become the guardians of consumer privacy.
This lawsuit was built on consumer protection laws that require companies handling sensitive financial information to maintain strict cybersecurity protocols. By forcing a $5.5 million settlement, the litigation sends a clear warning to the financial services industry: corporations cannot cut corners on data security without facing serious financial and legal consequences. For everyday people, class action lawsuits like this provide a vital mechanism to level the playing field against massive corporate entities.
Are you wondering if you are included in this multi-million dollar settlement? The settlement class is specifically designed to cover individuals directly harmed by the late 2023 security incident.
You may be eligible to participate and claim benefits if you are a living United States resident who was identified by Doxim as an impacted individual, and you were sent an official notice regarding the December 2023 data breach by either Doxim itself or by one of its credit union clients (such as Beacon or Credit Union ONE). If you received a letter or email informing you that your data was compromised in this specific breach, you are considered a member of the settlement class.
New cases and investigations, settlement deadlines, and news straight to your inbox.
