Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

Lee University Reaches $1.75 Million Class Action Settlement Following Major 2024 Data Breach

Lee University has agreed to a $1.75 million class action settlement resolving allegations that it failed to protect the personal information of nearly 137,000 individuals during a March 2024 data breach. If you received a breach notice from the school, you may be eligible to claim up to $5,000 in cash benefits and credit monitoring.

large-field-of-ripe-wheat-under-the-open-sky-on-a-2025-02-12-05-09-11-utc 1

A federal court granted preliminary approval to the $1.75 million settlement agreement on May 18, 2026, marking a massive milestone for the student body, faculty, and administrative staff who were left vulnerable after a extensive network security failure. The lawsuit, officially captioned Harris et al. v. Lee University, was initially brought forward by affected individuals who argued that the Cleveland, Tennessee-based private Christian university fell short of its legal obligations to protect sensitive user records.

By establishing this $1.75 million common fund, the university aims to resolve all claims stemming from the cyberattack while avoiding the ongoing expenses, risks, and disruption of a prolonged trial. For everyday people, this settlement represents a clear opportunity to obtain financial recovery and proactive protection services without the need to hire a private lawyer or pay out-of-pocket fees.

To streamline the distribution of these benefits, the court has authorized the launch of a dedicated settlement portal at LeeUniversityDataBreachSettlement.com. Through this platform, registered class members can safely review their legal options, update their contact information, and submit claim forms directly to the court-appointed administrator, Kroll Settlement Administration.

What Personal Information Was Exposed in the Breach?

The roots of this legal battle go back to March 22, 2024, when unauthorized hackers managed to bypass Lee University’s digital defenses and access its internal file servers. According to court records, the cybercriminals successfully “obtained and exfiltrated” the private records of exactly 136,928 individuals. This massive data set contained highly sensitive data points that are frequently targeted by identity thieves operating on the dark web.

Specifically, the compromised files included full names, Social Security numbers, driver’s license numbers, and other government-issued identification numbers, such as passport or state ID cards. Additionally, the university confirmed that financial account numbers, credit or debit card details, and certain medical or health insurance records were exposed during the security failure.

Because of the diverse nature of the files involved, the exact categories of exposed data vary significantly from person to person. For some individuals, the breach may have only exposed basic enrollment records, while others had their entire financial and personal histories compromised. No matter the extent of your personal exposure, having your private identifiers stored in unsecured systems can leave you vulnerable to targeted phishing schemes and fraudulent credit activities for years to come.

How the $1.75 Million Settlement Fund Protects You

The settlement has been designed to provide flexible relief to those who have felt the anxiety and financial strain of this security event. If you are a member of the settlement class, you can choose from several distinct benefit categories depending on how the breach has impacted your life.

First, you can claim up to $5,000 in cash reimbursement for documented out-of-pocket losses. This category is meant to cover real money you spent trying to protect yourself or recover from fraud. Eligible expenses include bank fees, communication charges, credit freeze costs, or hours of missed work directly related to fixing identity theft. To qualify for this reimbursement, you must submit clear, supporting documentation, such as receipts, invoices, or bank statements showing the unauthorized charges.

If you did not lose money but still had to deal with the stress and hassle of having your personal details exposed, you can opt for an alternative pro rata cash payment. This option does not require any proof of loss and is estimated to be approximately $100. However, the final amount of these cash payouts could increase or decrease depending on the total number of valid claims received by the administrator.

Free Credit Monitoring and Identity Theft Protection

On top of direct cash options, the settlement provides class members with the option to sign up for one year of free, single-bureau credit monitoring services. This security coverage includes real-time credit tracking, instant alerts when new accounts are opened in your name, and dedicated medical identity theft insurance policies.

Many affected individuals previously received temporary, complimentary credit monitoring through IDX when Lee University sent out its initial notification letters in March 2025. This settlement-sponsored monitoring operates independently. Even if you signed up for the initial free service, you are still fully eligible to claim this additional year of credit monitoring through the settlement claim form.

By providing these monitoring services alongside cash relief, the settlement aims to give everyday people the tools they need to monitor their credit files closely and detect any suspicious activity before it escalates into severe financial damage. Taking advantage of these credit alerts is one of the most effective ways to reclaim peace of mind after a major data security failure.

How to File a Claim and Key Deadlines to Keep in Mind

If you want to receive any cash payments or credit monitoring benefits from this settlement, you must take active steps to protect your rights. The court has established a strict timeline for submitting claim forms, opting out of the litigation, or objecting to the terms of the deal.

To submit your claim online, visit LeeUniversityDataBreachSettlement.com and navigate to the claim filing page. You will need to enter the unique Class Member ID located on the paper or email notice you received. If you did not receive a notice but believe you were affected, you can contact the settlement administrator to check your eligibility. Alternatively, you can download a paper PDF claim form from the site, fill it out by hand, and mail it to the administrator.

The absolute deadline to submit your claim form online or have it postmarked by mail is August 19, 2026. If you miss this date, you will lose your right to claim a share of the settlement fund. If you wish to exclude yourself from the settlement to preserve your right to sue the university individually, your opt-out request must be submitted by August 4, 2026. The court will hold a final approval hearing on September 3, 2026, to decide if the settlement is fair and reasonable.

The Legal and Ethical Obligations of Higher Education Institutions

This lawsuit highlights a growing trend of cybercriminals targeting academic institutions, which often hold vast amounts of personal, financial, and medical data but lack the robust cybersecurity infrastructures found in the corporate sector. From a legal standpoint, universities have a binding duty of care to implement reasonable and updated administrative, physical, and technical safeguards.

Under various state consumer protection laws and federal guidelines, schools are expected to encrypt sensitive databases, regularly patch software vulnerabilities, and monitor networks for unusual traffic. When an institution fails to keep pace with modern threat landscapes, it can be held liable under common-law negligence theories.

For the plaintiffs in this case, the legal battle was about more than just recovering lost money—it was about forcing educational institutions to take data security seriously. By taking legal action, class members have sent a clear message to administrators nationwide: protecting student and employee data is not optional, and organizations that fail to secure their networks will be held financially and socially accountable.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
The Time for Action is Now!
Mass Arbitrations
Active Data Breaches
Date of Breach: Not Specified
Date of Breach: Not Specified
Date of Breach: July 13, 2026
Latest News