Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

Johnson & Wales University Data Breach: Class Action Settlement Reached After Cyberattack

Johnson & Wales University finalized a $454,200 class action settlement to resolve a lawsuit tied to a July 2024 data breach. Impacted individuals who received an official notice had until April 6, 2026, to file claims for up to $1,000 in documented losses, a $50 alternative cash payment, and up to three years of free credit monitoring.

large-field-of-ripe-wheat-under-the-open-sky-on-a-2025-02-12-05-09-11-utc 1

The settlement, which received final court approval on May 15, 2026, allows affected individuals to claim up to $1,000 for documented losses, a flat cash payout, and free credit monitoring services. The lawsuit stems from a serious cyberattack that targeted Johnson & Wales University (JWU) in July 2024. According to the litigation, an unauthorized third-party criminal actor managed to bypass the university’s cybersecurity defenses and gain access to its internal computer network. Once inside, the hacker potentially accessed and compromised sensitive personal data belonging to certain individuals tied to the institution.

Data breaches like this place an immense burden on everyday people. When an organization fails to safeguard your personal records, cybercriminals can use that information to commit identity theft, open fraudulent accounts, or launch targeted phishing scams. Plaintiffs in the lawsuit alleged that the university did not maintain adequate cybersecurity measures to prevent data from falling into the wrong hands. While Johnson & Wales University agreed to financial terms to resolve the case, the institution has not admitted any legal wrongdoing or liability regarding the security failure.

What Sensitive Personal Data Was Exposed in the Campus Network Breach?

When network security systems fail, the specific types of data exposed dictate the level of risk you face. In the JWU security incident, the unauthorized intruder accessed areas of the university’s network containing sensitive personal identifying information. While the exact files varied by individual, data breaches of educational institutions typically involve critical records such as Social Security numbers, financial account details, academic records, and employee tax forms.

Impacted individuals found out about the breach after receiving an official data breach notification letter from Johnson & Wales University. These notices informed victims that their private data had been caught up in the July 2024 cyberattack. Receiving a notice like this can be incredibly stressful, leaving you to wonder if or when your information will be sold on the dark web or exploited by fraudsters.

How the $454,200 Settlement Fund Is Being Allocated

To resolve the claims without going through a lengthy and unpredictable trial, the university established a total settlement fund of $454,200. This fund is designed to cover all aspects of the lawsuit’s resolution, ensuring that individual class members receive financial compensation while also covering the legal and administrative costs of holding the institution accountable.

The court approved a specific breakdown for how the $454,200 will be distributed. Legal counsel representing the affected consumers can receive up to $151,400 in attorneys’ fees, alongside covered court costs. The three class representatives—the everyday people who stepped forward to lead the lawsuit on behalf of everyone else—received service awards of up to $2,500 each, totaling $7,500. Settlement administration costs to manage and verify claims are also paid directly out of this fund. Crucially, the entire remaining balance of the fund is dedicated entirely to paying out approved claims to eligible class members.

Determining Your Eligibility for the Johnson & Wales Settlement

You may be eligible to participate in this settlement if you are a living resident of the United States who received an official written notice from Johnson & Wales University regarding the July 2024 data breach. The settlement is designed specifically to help everyday people who faced real security risks because of this specific incident.

If you received that data breach letter, you were automatically considered a class member. The settlement parameters gave affected individuals a choice in how they wanted to be compensated, recognizing that a data breach impacts everyone differently. Some people experience direct financial harm, while others face the ongoing anxiety of knowing their data is exposed. The settlement provided options to address both scenarios.

Cash Payment Options and Documented Loss Reimbursements Explained

Eligible class members had the opportunity to choose between two distinct types of cash payments depending on how the data breach impacted them. The first option, Cash Payment A, allowed individuals to claim up to $1,000 for actual, documented financial losses. To qualify for this tier, the loss must have been directly caused by the July 2024 data breach and could not have been reimbursed by an insurance provider or bank. Eligible out-of-pocket expenses included costs from fraud or identity theft, fees paid to freeze or unfreeze credit reports, and miscellaneous expenses like notary fees, postage, faxes, photocopying, or mileage driven to resolve identity issues.

For those who did not experience direct out-of-pocket expenses but still wanted to hold the company accountable, Cash Payment B offered an alternate route. This option provided a flat cash payment of $50 without requiring any receipts or documentation. However, the final amount of this flat payment may be adjusted up or down by the settlement administrator depending on how many total valid claims were submitted against the remaining fund.

Free Credit Monitoring Services Offered to Protect Your Identity

In addition to receiving either Cash Payment A or Cash Payment B, class members were also eligible to claim up to three years of free credit monitoring services. Providing credit monitoring is a standard and vital remedy in data breach litigation because the threat of identity theft does not simply disappear after a lawsuit concludes.

Stolen personal data can remain dormant for years before a criminal attempts to use it. Having professional credit monitoring services in place ensures that your credit profiles are continuously scanned for suspicious activity, such as unauthorized credit inquiries or new accounts opened in your name. This service gives everyday people an essential layer of defense and peace of mind as they move forward from the breach.

Deadlines and Required Proof for Submitting a Settlement Claim

To secure a payout or credit monitoring, class members were required to fill out a claim form either online or by mail. The strict deadline to submit a claim, as well as the deadline to opt out of the settlement, was April 6, 2026. Because this date has passed, the window to submit new claims for this specific fund is now closed.

For those who submitted claims for documented losses under Cash Payment A, strict proof was required. Claimants had to provide clear evidence of their financial losses, such as receipts, bank statements, or official correspondence showing unreimbursed fraud. For those who selected the alternate $50 cash payment or the free credit monitoring, no supporting documentation was necessary. Class members were able to select their preferred digital payout methods, including PayPal or Venmo, or opt for a traditional physical check sent to their mailing address.

Legal Protections and Consumer Rights in Data Breach Lawsuits

Data breach litigation relies heavily on state and federal consumer protection laws to hold organizations responsible for data security failures. When you hand over your personal, financial, or academic information to an entity like a university, there is an implicit legal duty for that organization to protect it using industry-standard security protocols.

When a company fails to maintain those standards and a breach occurs, class action lawsuits give everyday people a mechanism to fight back collectively. Instead of forcing a single student or employee to spend thousands of dollars fighting a large institution alone, class actions allow thousands of impacted individuals to band together. This collective action ensures that even smaller data breaches face legal scrutiny and that companies are forced to prioritize cybersecurity moving forward.

Current Timeline and Expected Payout Dates for Claimants

The legal process for this lawsuit reached a major milestone on May 13, 2026, when the court held its final approval hearing to review the fairness of the deal. Finding the settlement terms appropriate, the court officially granted final approval on May 15, 2026. This means the settlement is legally binding and the funds are locked in for distribution.

Currently, the settlement administrator is in the process of auditing, reviewing, and administering all the claims that were submitted before the April deadline. The official distribution and payout date will occur as soon as this administrative review is completed. If you successfully filed a claim before the deadline, you should monitor the official settlement website periodically for updates on exactly when digital payments and physical checks will be sent out.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
The Time for Action is Now!
Mass Arbitrations
Active Data Breaches
Date of Breach: May 13, 2026
Date of Breach: April 21, 2026
Date of Breach: July 9, 2026
Latest News