Data Breach Class Actions 2026: Open Settlements, Eligibility & How to Claim
By Steve Levine
Last updated: April 29, 2026
Status
12+ Settlements Open
claims being filed now · new breaches added monthly
Deadlines
May 2026 – August 2026
earliest: Christian Dior (May 25, 2026) · latest tracked: Comcast Xfinity (Aug 14, 2026)
Compensation
$30 to $10,000+
tier without proof · documented out-of-pocket losses up to $10,000 (Comcast) · CCPA $100 add-on for California residents on several settlements
Proof Required
Sometimes
flat-rate / pro-rata tiers usually need only a Class Member ID; documented-loss tier requires receipts or statements
Currently Open Data Breach Class Action Settlements
Below is OpenClassActions' tracked list of every data breach class action settlement currently accepting claims, sorted by claim deadline (soonest first). Each row links to a dedicated page with eligibility, payout tiers, proof requirements, and the official claim portal. We update this table as new settlements receive preliminary approval and as deadlines pass.| Settlement | Claim Deadline | Fund | Payout | Proof |
|---|---|---|---|---|
| Eureka Casino Hotel Data Breach | May 11, 2026 | — | $100 / up to $5,000 | Tiered |
| Christian Dior Data Breach | May 25, 2026 | — | $100 / up to $1,500 + $100 | Tiered |
| Nissan Employees Data Breach | May 26, 2026 | $1.5M | Pro-rata + documented losses | Tiered |
| Essen Medical Data Breach | June 1, 2026 | $4M | Pro-rata + documented losses | Tiered |
| SouthState Bank Data Breach | June 15, 2026 | $1.5M | Pro-rata cash + up to $3,500 + 1 yr credit monitoring | Optional |
| Avis Rent A Car Data Breach | June 21, 2026 | — | Up to $5,000 documented losses | Yes |
| Krispy Kreme Data Breach | June 22, 2026 | $1.6M | $75 / up to $3,500 | Tiered |
| LastPass Data Breach | July 2, 2026 | $24.45M | Pending allocation | Tiered |
| Pawn America Data Breach | July 6, 2026 | $3.185M | $30 + up to $5,000 (Claim ID + PIN) | Tiered |
| Maxar Space Systems Data Breach | July 16, 2026 | — | Up to $3,500 + 3 yr credit monitoring + $100 CCPA (CA) | Tiered |
| SAG-AFTRA Health Plan Data Breach | July 23, 2026 | $950K | Up to $5,000 + 18 mo CyEx Medical Shield + 2× CA | Tiered |
| Comcast Xfinity Data Breach | August 14, 2026 | $117.5M | ~$50 cash / up to $10,000 | Tiered |
Related Privacy & Tracking Class Actions
Website tracking, pixel, BIPA (biometric) and VPPA (video privacy) cases involve compromise of similar categories of personal information. Currently open on OpenClassActions.com:| Settlement | Deadline | Fund | Type |
|---|---|---|---|
| LA Times Privacy & Tracking | May 20, 2026 | $3.85M | Website tracking |
| PowerSchool Naviance Student Privacy | May 26, 2026 | $17.25M | Student data privacy |
| Seafood City Supermarket BIPA | June 1, 2026 (exclusion) | $300K | Biometric (BIPA) |
What Is a Data Breach Class Action?
A data breach class action is a civil lawsuit brought on behalf of every person whose personal information was exposed in the same incident. Plaintiffs typically allege the company that held the data — the “defendant” — failed to use reasonable cybersecurity safeguards (negligence), breached its own privacy promises (breach of contract or implied contract), or violated a state statute such as the California Consumer Privacy Act (CCPA), the Illinois Biometric Information Privacy Act (BIPA), or a state data breach notification law.Most data breach class actions resolve in settlement rather than trial. A typical settlement provides a tiered cash payment (a flat-rate or pro-rata cash payment with no proof, plus a higher reimbursement tier of $2,500–$10,000 for class members who can document out-of-pocket losses such as fraud, credit-monitoring fees, or unreimbursed time), free credit monitoring for one to three years, and additional statutory payments for residents of states with strong consumer-privacy laws (notably the $100 CCPA payment for California residents on multi-state settlements). The settlement is paid by the company that suffered the breach (or its cybersecurity insurer) into a court-supervised fund administered by an independent settlement administrator.
I Received a Data Breach Notice — What Now?
Millions of Americans have been receiving data breach notices in their mail or their email inbox like the one below. If so, you may be entitled to significant compensation as part of data breach class action settlements.
The following personally identifiable or protected healthcare information may have been exposed in these data breaches:
• Names,
• Social Security Numbers,
• Dates of Birth,
• Health Insurance Information,
• Medical Information,
• Diagnosis Information,
• Health Insurance Group and Policy Numbers,
• Subscriber Numbers,
• Prescription Information.
Data breaches are serious matters that can cause long term damage. Hackers break into networks so that they can steal your personal information to sell it on the dark web, commit identity theft, financial theft or other types of fraud.
How to Verify Your Data Breach Notice Is Real (Not Phishing)
Scammers send fake “data breach notices” that look identical to real ones, hoping you'll click a link, hand over a Social Security Number, or pay a bogus “identity protection fee.” Real breach notices and real settlement administrators never charge a fee, never ask for a wire transfer or gift cards, and never pressure you to act in the next 24 hours.Use this checklist before clicking anything:
• Verify the breach exists. Cross-check the breached company's name against the U.S. Department of Health and Human Services Office for Civil Rights HIPAA Breach Portal (for healthcare breaches), the California Attorney General's data breach list, the Maine Attorney General data breach notifications, or the Washington State Attorney General data breach directory. Real breaches show up in at least one of these public registries.
• Verify the settlement administrator. Real settlement administrators in the U.S. are typically Kroll, Epiq, A.B. Data, Angeion, Atticus, JND Legal, Verita, Postlethwaite & Netterville, or Settlement Services Inc. The official settlement website almost always uses a dedicated domain naming the case (e.g., maxarsettlement.com, krispykremesettlement.com) — never a generic “claim center” or shortened-URL link.
• Look up the case on PACER or the court website. Every legitimate class action has a docket with the federal court (PACER, free state-court equivalents) under a real case number. If a notice cites a case number, it is verifiable.
• Read OpenClassActions. If a settlement is real, we cover it on a dedicated page with the class definition, claim form link, deadlines, and proof requirements. If you cannot find the breach in our list above, search the company name on this site before submitting any information.
• Report suspected scams. Forward suspected phishing notices to ReportFraud.ftc.gov and to your state attorney general. The FTC also operates IdentityTheft.gov for recovery assistance if you've already been victimized.
How Settlement Payouts Are Calculated
Most data breach settlements use a tiered payout structure. Understanding which tier you qualify for is usually the difference between a $30 check and a $5,000 reimbursement.Tier 1 — Flat-rate or pro-rata cash (no proof). Every class member who submits a timely valid claim gets a flat-rate payment (typically $30–$100) or a pro-rata share of whatever's left in the fund after fees, administration, and Tier 2 reimbursements. Pro-rata means the per-person amount depends on the total number of valid claims filed; if claim volume is low, this tier can be larger than the flat rate. You usually need only a Class Member ID printed on your mailed/emailed notice.
Tier 2 — Documented out-of-pocket losses. Class members who can document expenses or losses caused by the breach — unreimbursed fraud, credit-monitoring you paid for, lost time at $20–$25 per hour, professional fees — can claim reimbursement up to a per-class-member cap (typically $2,500–$10,000). This tier requires receipts, statements, or sworn affidavits.
Tier 3 — Statutory state-law payments (overlay). Several recent settlements include a California Consumer Privacy Act (CCPA) payment of approximately $100 for California residents (on top of Tier 1 / Tier 2), and Illinois residents sometimes receive elevated amounts under the Biometric Information Privacy Act (740 ILCS 14). Eligibility for these is automatic if you reside in the relevant state during the class period.
Tier 4 — Credit monitoring (in-kind). Most settlements offer one to three years of free credit monitoring with $1M in identity-theft insurance. This is in addition to cash, not instead of, and claiming it does not reduce your other payments.
What Credit Monitoring Covers (and Doesn't)
Credit monitoring is the most commonly offered non-cash settlement benefit, and it is meaningful — but it is not identity-theft insurance in the way most consumers assume.What credit monitoring does: alerts you when a new account is opened in your name, when there is a hard inquiry on your credit file, or when significant changes occur (address change, late payment, collections action). The included “up to $1M identity-theft insurance” reimburses out-of-pocket recovery costs (legal fees, lost wages, postage, notarization), not the underlying loss itself.
What it does not do: credit monitoring does not prevent identity theft. It does not unfreeze stolen tax refunds, recover stolen Medicare or Medicaid benefits, undo synthetic-identity fraud against relatives, or stop SIM-swap attacks on your phone number. For comprehensive protection after a breach, the FTC's recommended steps are to place a free credit freeze with all three nationwide credit bureaus (Equifax, Experian, TransUnion), file your taxes early, and enroll in the IRS Identity Protection PIN program if you are eligible.
Data Breach Trends in 2025–2026
The global average cost of a data breach in 2025 reached $4.88 million, a 10% increase from the previous year and the highest total ever recorded.There were 2,741 publicly disclosed data breach incidents in the first half of 2025, affecting over 6.8 billion records. Ransomware and extortion techniques were involved in about one-third of all breaches, representing 32% of incidents studied. The global annual cost of cybercrime is predicted to reach $9.5 trillion in 2025.
Many of these data breaches have resulted in massive data breach open class action lawsuits and settlements that compensate consumers who have been damaged by cybersecurity incidents.
Largest Data Breaches Driving 2025–2026 Class Actions
Some of the largest data breaches reported in 2025 include:• AT&T: 73 million records breached, affecting current and former customers.
• Ticketmaster: 560 million customer records exposed, including payment information and personal details.
• Tile Phone Finder(Life360): 450,000 records breached, including personal information and location data.
• Dell Technologies: Data breach incident potentially affecting up to 49 million Dell customers.
Key Findings About Data Breaches A recent Verizon Data Breach investigations report revealed the following findings:
• 74% of breaches involved the exploitation of vulnerabilities as an initial access step, almost triple the amount from the previous year.
• 39% of breaches involved a third party or supplier.
• 66% of financially motivated incidents involved ransomware or extortion.
• 74% of breaches involved a non-malicious human element, such as falling victim to social engineering or making errors.
People Most Affected By Data Breaches
The most frequently breached sectors in the USA for 2025 included:• Healthcare
• Education
• Finance
• Government
• Technology
• Cybersecurity Trends
Ransomware remains a significant threat, with damages expected to reach $265 billion annually by 2031. Supply chain attacks and third-party breaches continue to be a growing concern, adding to inflation worries since the post-Covid era in the United States. There has also been an increasing focus on protecting against vulnerabilities and addressing the human element in cybersecurity, and how consumers can redress and mitigate identity theft and financial damage due to the massive prevalnce and acceleration of data breach incidents. Read below to learn how you can be owed cash and what to do to avoid data breaches resulting in damage to your financial and well-being.
What to Do If Your Data Was Breached
If you believe you have been the victim of a data breach, and have received a notice there are several steps you should take to protect yourself and mitigate the potential damage. These apply more broadly to a wider plethora of data breach cases:-
Stay Calm: Discovering a data breach can be alarming, but it's important to remain calm
and take immediate action to protect your information.
Confirm the Breach: Verify that the data breach has actually occurred and that your personal information has been compromised. Look for official announcements from the affected organization or reputable sources reporting the breach.
Change Your Passwords: Start by changing the passwords for the affected account(s) immediately. Choose strong, unique passwords that are not easily guessable. It's best to use a password manager to securely store and generate passwords.
Consider Using VPNs VPNs are crucial for preventing identity theft and protecting personal information in the aftermath of a data breach. By encrypting your internet connection, VPNs secure your data from interception. They hide your IP address, safeguarding your location and device details from potential threats. VPNs also ensure the security of public Wi-Fi networks, making them safer for use. Additionally, these tools bypass geographical restrictions, enhancing online freedom while preventing ISP throttling and tracking.
VPNs provide a comprehensive defense against cyber threats, offering encryption, IP address concealment, and secure access to public Wi-Fi to mitigate the risks of identity theft and data breaches. This VPN does not log user activity, meaning they do not track or store information about your browsing habits.
Enable Two-Factor Authentication (2FA): Activate two-factor authentication for all your online accounts whenever possible. This adds an extra layer of security by requiring a secondary verification method, such as a temporary code sent to your mobile device, in addition to your password.
Multi-Factor Authentication (MFA): MFA goes beyond the traditional Two-Factor Authentication, adding an extra layer of security to online accounts through factors like something you know (password) and something you have (e.g., a temporary code using a physical USB key).
Relying only on your phone for verification in Two-Factor Authentication (2FA) can pose risks if the device is lost or inaccessible, it's essential to diversify authentication methods. Consider having multiple authentication backup methods in case you get locked out of your device - email verification, backup codes you can save in an encrypted file or stored on paper in a safe place, or hardware tokens, providing a safety net.
Monitor Your Accounts: Regularly monitor your financial and online accounts for any suspicious activity. Keep an eye out for unauthorized transactions, unfamiliar logins, or changes to your personal information.
Notify Your Bank/Credit Card Companies: If your financial information has been compromised, contact your bank and credit card companies immediately. Report the breach and inquire about any additional security measures they can provide, such as monitoring your accounts for fraudulent activity.
Check Your Credit Reports: Request a free copy of your credit report from one of the major credit reporting agencies (Equifax, Experian, or TransUnion). Review the report for any unauthorized accounts or inquiries. Consider placing a fraud alert or credit freeze on your accounts for added protection.
Be Vigilant Against Phishing Attempts: Data breaches often lead to an increase in phishing attempts. Be cautious of suspicious emails, messages, or phone calls asking for personal information. Avoid clicking on suspicious links or downloading attachments from unknown sources.
Update Software and Use Antivirus Protection: Ensure that your computer, smartphone, and other devices are running the latest software updates. Install reputable antivirus and anti-malware software to protect against potential threats.
Stay Informed and Seek Assistance: Keep yourself updated on the progress of the data breach investigation. The affected organization may provide guidance or resources for affected individuals. If necessary, consider seeking legal advice or contacting relevant authorities for further assistance.
How Do I Qualify for Compensation?
If you received a data breach notice from any of the listed companies notifying you that your personal information was impacted, you can file a claim through the dedicated page for that settlement (linked in the comparison table at the top of this page). The same direct claim links are repeated below for convenience — each one goes to OpenClassActions' page for that case, which contains the eligibility definition, the claim portal link, and proof requirements.$117.5M Comcast Xfinity Data Breach Class Action Settlement
SAG-AFTRA Data Breach Class Action Settlement
Maxar Space Systems Data Breach Class Action Settlement
$3.185M Pawn America Data Breach Class Action Settlement
$24.45M LastPass Data Breach Class Action Settlement
$1.6M Krispy Kreme Data Breach Class Action Settlement
Avis Rent A Car Data Breach Class Action Settlement
$1.5M SouthState Bank Data Breach Class Action Settlement
Essen Medical Data Breach Settlement $4M Class Action
$1.5M Nissan Employees Data Breach Class Action Settlement
Christian Dior Data Breach Class Action Settlement
Eureka Casino Hotel Data Breach Class Action Settlement
How Do I Find Class Action Settlements?
Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:Attorney Advertising - This page may contain attorney advertising. The information on OpenClassActions.com is for general informational and advertising purposes. No attorney-client relationship between reader and any law firms is created by submitting forms linked from here. While we try to complete the forms accurately and timely, we cannot guarantee the accuracy or completeness of the information contained in the linked pages. The information provided on OpenClassActions.com is not legal advice, OpenClassActions.com is not a law firm and the information contained on OpenClassActions.com is not legal advice. OpenClassActions is a participant in the Amazon affiliate advertising program and this post may contain other affiliate links, which means we may earn a commission or fees if you make a purchase via those links.
Frequently Asked Questions
What is a data breach class action settlement?
A court-supervised resolution of a class action lawsuit alleging that a company's failure to safeguard your personal information caused harm. The settlement creates a fund used to pay flat-rate cash, pro- rata cash, documented out-of-pocket reimbursement, statutory state-law payments (e.g., $100 CCPA for California), and credit monitoring to class members. You typically need to file a claim by the deadline using a Class Member ID printed on your mailed or emailed notice.
Do I need proof of harm to file a data breach claim?
No, not for the basic cash tier. Most data breach settlements pay a flat-rate or pro-rata cash amount (typically $30–$100) to every class member who submits a timely claim, with only the Class Member ID required. Proof — receipts, fraud statements, bank records — is required only if you want to claim the higher documented-loss reimbursement tier (often capped at $2,500 to $10,000).
How do I know if I'm eligible?
If the breached company sent you a written notice (mail or email), you are almost certainly a member of the class. The notice will include a Class Member ID or Notice ID. If you didn't receive a notice but you used the company's services during the class period, you may still qualify; check the settlement page on this site or the official administrator's website for the class definition.
How long do data breach settlements take to pay out?
Typically nine to eighteen months after the claim deadline. The court must hold a final approval hearing (usually 30–90 days after the deadline), wait through any appeal period (typically 30 days), and then the administrator processes claims and mails or e-deposits payments. Larger settlements with thousands of claims can take longer.
Will filing a claim affect my credit score?
No. Filing a class action claim has no effect on your credit. Accepting the included credit monitoring also has no effect — it's a soft pull only.
Is there a cost to file a claim?
No. Class action claim forms are always free. If anyone asks for a fee, processing charge, or “release fee” to claim a settlement, it is a scam. Report it at ReportFraud.ftc.gov.
What if I lost my notice and don't have my Class Member ID?
Contact the settlement administrator through the official settlement website. Most administrators will look up your ID by name, last four of SSN, or email on file. The settlement page on this site links to the official administrator for each case.
Can I sue separately if I opt out of the settlement?
Yes. Every class action settlement includes an opt-out (exclusion) deadline. Class members who properly opt out keep the right to sue the company individually for the same conduct. Once the opt-out deadline passes, your right to file a separate lawsuit is permanently released.
Sources & Government References
Primary federal and state-government sources used to verify breaches, settlement administrators, and class definitions on this page:- U.S. Department of Health and Human Services, Office for Civil Rights: HIPAA Breach Notification Portal — the official federal database of healthcare data breaches affecting 500+ individuals.
- U.S. Federal Trade Commission: IdentityTheft.gov — federal recovery plan for victims of identity theft, plus ReportFraud.ftc.gov for reporting suspected breach-related scams.
- Federal Trade Commission — Consumer Advice: Credit Freeze FAQs and Data Breach: What to Do.
- Cybersecurity and Infrastructure Security Agency (CISA): Identity Management & Cybersecurity Best Practices — federal guidance on protecting personal information and recognizing breaches.
- California Attorney General: Searchable Data Security Breach Database and California Consumer Privacy Act (CCPA) information.
- Maine Attorney General: Data Breach Notifications List — Maine receives breach notifications affecting any Maine resident, making this list one of the most comprehensive U.S. registries.
- Washington State Attorney General: Data Breach Notifications Directory.
- Illinois General Assembly: Biometric Information Privacy Act, 740 ILCS 14 — the statutory basis for biometric privacy class actions (BIPA).
- Internal Revenue Service: Identity Protection PIN program — federal protection against tax-refund identity theft for breach victims.
- Verizon Business: Data Breach Investigations Report (DBIR) — widely cited annual cybersecurity research used by federal agencies and Fortune 500 CISOs.
For more open class actions keep scrolling below.
Roblox - Investigation
Pre-Qualify Here
Submit Claim
Cosequin Dog Supplements Settlement
Deadline: July 21, 2026
Submit Claim
$990K Differin Acne Product Settlement
Deadline: May 19, 2026
Submit Claim
Depo Provera Investigation
Deadline: Pending
Pre-Qualify
$87.5M Beef Prices Settlement
Deadline: June 30, 2026
Submit Claim
DraftKings & FanDuel Addiction Lawsuits
Status: Open
Learn More
$2.9M Tom's of Maine Toothpaste Settlement
Deadline: July 6, 2026
Submit Claim| Data Breach Class Actions - Summary | |
| Status | Active data breach class actions & investigations |
|---|---|
| Claim Form Deadline | Varies by case |
| Estimated Payout | Varies |
| Proof Required | Yes in most cases |
| Who Qualifies | U.S. residents who received a data breach notice indicating their personal or health information was impacted |
| What To Do | Confirm the notice, change passwords, enable 2FA or MFA, monitor accounts, consider a credit freeze, and submit a claim where eligible |
| Related Links |
Comcast Xfinity $117.5M
Avis Rent A Car Essen Medical $4M Eureka Casino Hotel Pawn America $3.185M SouthState Bank Krispy Kreme $1.6M Christian Dior Nissan Employees LastPass $24.45M Maxar Space Systems SAG-AFTRA LA Times Privacy & Tracking $3.85M PowerSchool Naviance $17.25M Seafood City Supermarket BIPA $300K |