Subscribe To Our Newsletter
If your private data was compromised by the University of St. Thomas, you have the power to take control of the situation. You can visit the settlement website today to complete your claim before the September 28, 2026, deadline.
Everyday people who had their highly sensitive information exposed during a 2025 cyberattack at the University of St. Thomas may now take action to secure cash payouts and identity theft protection. The Texas-based private institution recently agreed to a class action settlement to resolve allegations that it failed to adequately protect private information from unauthorized access.
The settlement, which received preliminary court approval on May 28, 2026, aims to hold companies accountable when they fall short on cybersecurity. If you received a formal data breach notice letter from the University of St. Thomas regarding the security incident that took place between July 25, 2025, and August 12, 2025, you may be eligible to file a claim for financial compensation.
The class action lawsuit stems from an unauthorized network intrusion that went undetected for nearly three weeks during the summer of 2025. According to court records, cybercriminals successfully breached the university’s computer systems between July 25 and August 12, 2025, gaining access to a massive repository of sensitive files belonging to students, staff, donors, and other affiliates.
Plaintiffs in the lawsuit alleged that the private Catholic university failed to implement reasonable, up-to-date cybersecurity measures that could have prevented or mitigated the breach. They argued that the school had a legal and ethical obligation to protect the digital identities of the people who trusted them with their information, leaving victims exposed to an ongoing risk of fraud.
The scope of the exposed data is particularly broad and highly sensitive, making the breach a serious concern for affected consumers. Court documents reveal that the compromised information included standard personal identifiers such as full names, home addresses, email addresses, phone numbers, and donor contact information. However, the data exposure went significantly deeper.
Hackers reportedly accessed highly confidential records, including Social Security numbers, bank account details, credit card numbers, passport copies, and driver’s licenses. Furthermore, the breach exposed work-related account logins and passwords, club membership data, disciplinary records, employment files, and sensitive legal documentation. This extensive variety of stolen data places victims at a high risk for complex identity theft schemes.
The settlement provides structured relief to help affected individuals recover from the financial fallout of the data breach. Class members who have suffered direct financial losses can submit a claim for up to $500 in documented “ordinary” losses. These losses must have been incurred between July 25, 2025, and September 28, 2026, as a direct result of the cyberattack.
Ordinary losses cover a wide range of everyday expenses that people face when trying to fix a compromised identity. You can claim reimbursement for professional fees, credit repair services, and costs associated with freezing or unfreezing your credit files. Additionally, the settlement covers minor out-of-pocket expenses such as notary fees, fax costs, postage, mileage, and long-distance telephone charges.
For individuals who faced more severe consequences from the University of St. Thomas data breach, the settlement offers an “extraordinary” losses category. Affected consumers can file a claim to receive up to $4,500 for documented extraordinary losses. Like ordinary losses, these must have occurred between July 25, 2025, and September 28, 2026, and must be tied directly to the breach.
This higher tier of compensation specifically targets actual monetary losses resulting from identity theft or fraud that have not been reimbursed by other sources, such as a bank or insurance provider. To successfully claim these funds, you must provide clear, third-party supporting documentation. This can include items like official bank statements, police reports, or correspondence with financial institutions.
Recognizing that some data is inherently more invasive when exposed, the settlement includes a specialized $100 cash payment category. This specific benefit is carved out for settlement class members who experienced the disclosure of highly restrictive personal information. This includes items such as internal employee files, disciplinary records, and official reports detailing professional or criminal misconduct.
It also applies to individuals whose sensitive information regarding legal proceedings or settlement agreements was exposed during the hack. To receive this flat $100 payment, class members must submit valid supporting documentation verifying that their specific files were included in this highly sensitive category. This cash benefit can be claimed in addition to other documented-loss reimbursements.
If you were affected by the breach but did not experience direct financial losses or identity theft, you still have options. The settlement allows class members to bypass the documented-loss claims entirely and choose a $50 alternative cash payment. The primary advantage of this option is that it requires absolutely no proof of loss or receipts to qualify.
Alternatively, class members can use their claim form to enroll in three years of comprehensive, one-bureau credit monitoring and identity theft protection services. This package includes active monitoring of your credit file and identity theft insurance to protect your financial future. You can choose the credit monitoring alongside your documented loss claims, or opt for the $50 flat cash payout instead.
While the university has not admitted to any wrongdoing and maintains that it acted responsibly, the settlement forces a level of corporate accountability. In the United States, institutions that handle massive amounts of personal data are increasingly held to strict standards under state-level privacy laws and federal consumer protection acts. In Texas, companies must notify victims of breaches promptly and protect consumer data.
When everyday people fight back through class action litigation, it sends a message to large organizations that data security cannot be treated as an afterthought. For students and employees, a university is more than a school; it is a custodian of their entire life’s history, from financial aid data to background checks, making robust cybersecurity a legal necessity.
You may be eligible to participate in this settlement if you are a resident of the United States and received an official notice letter via regular mail from the University of St. Thomas. The letter must state that your personal data was potentially compromised during the cyber incident that occurred between July 25, 2025, and August 12, 2025.
If you threw the letter away or are unsure whether you are included, you can verify your status by visiting the official, court-approved settlement website at USTDataSettlement.com. The platform allows you to check your eligibility. If you are a confirmed class member, the physical letter you received contains a unique login ID and a PIN required to access the online claim portal.
To claim your piece of the settlement, you must fill out a claim form online or send a paper copy through the mail. To do this online, navigate to the official website and input your assigned login credentials. If you prefer to file by mail, you can download and print a PDF version of the form directly from the settlement site.
The absolute deadline to submit your claim form online or have it postmarked by the postal service is September 28, 2026. Because this deadline is firm, you should gather your receipts, bank statements, or notice letters as quickly as possible. Don’t stand alone in dealing with the aftermath of a corporate data breach; taking a few minutes to file a claim ensures your rights are protected.
The settlement has only received preliminary approval, meaning the legal process is still unfolding. The court must hold a final approval hearing to review the terms of the agreement and make a final determination on whether the deal is fair to the victims. A specific date for this final hearing has not yet been set.
It is important to note that compensation will not be distributed immediately. Payouts and credit monitoring codes will only be sent to eligible class members after the court grants final approval and any subsequent legal appeals are completely resolved. Checking the official website periodically is the best way to stay informed on the timeline.
New cases and investigations, settlement deadlines, and news straight to your inbox.