$7.5M Enzo Biochem Data Breach Class Action Settlement

Data Breach Class Action and Mass Tort Investigation

Photo Credit: Unsplash | Published: March 11, 2025

Claim Form Deadline: June 23, 2025

Estimated Payout: Varies

Proof required: Up to $10,000

What is the $7.5M Enzo Biochem Care Data Breach Settlement?

A $7.5 million class action lawsuit has been settled with Enzo Biochem, Inc. and Enzo Clinical Labs, Inc. over allegations that a ransomware attack on April 6, 2023 potentially compromised the personal information of former patients or individuals affiliated with Enzo. Enzo Biochem denies all claims and wrongdoing, but has agreed to pay out $7,500,000 to affected consumers after it allegedly failed to safeguard the data of 2,470,000 individuals.

Enzo Biochem is a life sciences biotech company based in New York City with different divisions, including one that provides clinical lab services to patients. About 600,000 of those individuals affected reportedly had their Social Security numbers accessed as well. Social security numbers are considered extremely sensitive and personally identifiable information.

What is the Total Settlement Amount?

The total settlement amount is $7,500,000.

How Do I Qualify For a Payout?

You qualify if you are a natural person and resident of the United States whose personal information was potentially compromised in the April 2023 Network Incident and received a notification from Enzo about the incident.

How Much Can I Get Paid?

You can receive up to $10,000 for documented losses related to the Network Incident, a pro rata share of the Net Settlement Fund, and/or two years of Healthcare Data and Credit Monitoring and Insurance Services.

How Do I File a Claim?

Complete and submit a Claim Form available online, or request one by mail or phone. Submit the form online or mail it via snail mail.

What is the Claim Form Deadline?

The Claim Form must be postmarked by June 23, 2025.

Do I Need Proof to File a Claim?

Yes, for Documented Loss Payment, you need to submit an attestation and reasonable documentation of the losses. No documentation is required for the Cash Fund Payment, but you may be required to provide a unique ID, pin or code you may have already received via a data breach or settlement notice.

What Were The Biggest Ransomware Attacks in History?

WannaCry: In May 2017, the WannaCry ransomware spread globally, infecting hundreds of thousands of computers in over 150 countries. It targeted computers running Microsoft Windows operating systems, encrypting files and demanding ransom payments in Bitcoin. WannaCry affected organizations such as the UK's National Health Service (NHS), causing widespread disruption to healthcare services.

NotPetya: This ransomware attack, which emerged in June 2017, initially masqueraded as a variant of the Petya ransomware. However, it was later revealed to be a more destructive malware aimed at causing disruption rather than generating ransom payments. NotPetya affected numerous organizations worldwide, including shipping giant Maersk, pharmaceutical company Merck, and Ukraine's government institutions.

Colonial Pipeline: A major fuel pipeline system in the United States, fell victim to a ransomware attack. The DarkSide ransomware gang was responsible for the attack, which led to the shutdown of the pipeline for several days. The incident caused fuel shortages and price increases along the East Coast of the United States.

Kaseya: A supply chain attack targeting the software provider Kaseya impacted numerous managed service providers (MSPs) and their clients. The REvil ransomware gang exploited a vulnerability in Kaseya's software, leading to the encryption of files on the networks of affected organizations. This attack affected thousands of businesses worldwide.

Ransomware attacks have targeted individuals, businesses, hospitals, and even government institutions, causing financial losses, disruption of services, and significant headaches for victims. The cat-and-mouse game between cyber-criminals and cybersecurity experts continues as they battle to protect the digital world from these digital hostage-takers.

You can find a curated list of all the data breaches published by the United States Department of Health and Human Services. These data breaches include events that impacted at least 500 people, and were reported, which impacted protected health information of those individuals. The U.S. government is required, by law, to update this list of medical information-related data breaches.