Updated June 2026 · Reviewed Daily
Data Breach Class Action Settlements: Open Claims, Eligibility & Payouts
Every U.S. data breach class action settlement currently accepting claims — with
deadlines, payout tiers, proof requirements, and a direct link to each official claim portal. Filing a claim
is always free.
Open Settlements: 13
Combined Funds Tracked: $218M+
Payout Range: $30–$25,000+
Cost to File: Free
Open data breach settlements accepting claims
Sorted by claim deadline (soonest first). Each card links to eligibility, payout tiers,
proof requirements, and the official claim portal. Past-deadline settlements grey out and drop to the bottom
automatically — the list keeps itself current.
Notice / PIN
Data Breach
SouthState Bank Data Breach Settlement
Pro-rata cash + up to $3,500 documented + 1 yr credit monitoring · $1.5M fund
Deadline: June 15, 2026
With Proof
Data Breach
Avis Rent A Car Data Breach Settlement
Up to $5,000 for documented out-of-pocket losses · Avis breach notice recipients
Deadline: June 21, 2026
Notice / PIN
Data Breach
Krispy Kreme Data Breach Settlement
$75 cash or up to $3,500 documented · $1.6M fund
Deadline: June 22, 2026
Notice / PIN
Data Breach
E Benefit Solution Data Breach Settlement
$40 cash or up to $5,000 documented · 2 yr credit monitoring + $1M fraud insurance
Deadline: July 1, 2026
Notice / PIN
Data Breach
LastPass Data Breach Settlement
Pro-rata cash from the $24.45M fund · LastPass 2022 encrypted-vault breach
Deadline: July 2, 2026
Notice / PIN
Data Breach
Pawn America Data Breach Settlement
$30 cash + up to $5,000 documented · $3.185M fund · Claim ID + PIN required
Deadline: July 6, 2026
With Proof
Data Breach
Maxar Space Systems Data Breach Settlement
Up to $3,500 documented + 3 yr credit monitoring · ~$100 CCPA for CA residents
Deadline: July 16, 2026
Notice / PIN
Data Breach
SAG-AFTRA Health Plan Data Breach Settlement
Up to $5,000 documented + pro-rata cash (2× for CA) · 18 mo CyEx Medical Shield · $950K fund
Deadline: July 23, 2026
Notice / PIN
Data Breach
Fidelity Investments Data Breach Settlement
~$100 cash + $50 CA CCPA, or up to $5,000 documented · 2 yr credit monitoring · $2.5M fund
Deadline: July 27, 2026
Notice / PIN
Data Breach
Flagstar Bank Data Breach Settlement
~$60 cash (up to $599) or up to $25,000 documented · $31.5M fund
Deadline: August 11, 2026
Notice / PIN
Data Breach
Comcast Xfinity Data Breach Settlement
~$50 cash or up to $10,000 documented · $117.5M fund
Deadline: August 14, 2026
Notice / PIN
Data Breach
Labcorp AMCA Data Breach Settlement
~$50 cash or up to $5,000 documented · 2 yr medical monitoring · $35M fund
Deadline: September 3, 2026
Notice / PIN
Data Breach
Circle K (Gas Express) Data Breach Settlement
$50 cash or up to $2,000 documented · 2 yr credit monitoring + $1M fraud insurance
Deadline: September 3, 2026
Website tracking, pixel, BIPA (biometric) and VPPA (video privacy) cases involve compromise of similar
categories of personal information. Currently open on OpenClassActions.com:
A data breach class action is a civil lawsuit brought on behalf of every person whose personal
information was exposed in the same incident. Plaintiffs typically allege the company that held the data
— the “defendant” — failed to use reasonable cybersecurity safeguards (negligence),
breached its own privacy promises (breach of contract or implied contract), or violated a state statute
such as the California Consumer Privacy Act (CCPA), the Illinois Biometric Information Privacy Act (BIPA),
or a state data breach notification law.
Most data breach class actions resolve in settlement rather than trial. A typical settlement
provides a tiered cash payment (a flat-rate or pro-rata cash payment with no proof, plus a higher
reimbursement tier of $2,500–$10,000 for class members who can document out-of-pocket losses such as
fraud, credit-monitoring fees, or unreimbursed time), free credit monitoring for one to three
years, and additional statutory payments for residents of states with strong consumer-privacy laws
(notably the $100 CCPA payment for California residents on multi-state settlements). The settlement is
paid by the company that suffered the breach (or its cybersecurity insurer) into a court-supervised fund
administered by an independent settlement administrator.
Millions of Americans have received data breach notices by mail or email. If you are one of them, you
may be entitled to significant compensation as part of a data breach class action settlement.
The following personally identifiable or protected healthcare information may have been exposed in these
data breaches:
• Names,
• Social Security Numbers,
• Dates of Birth,
• Health Insurance Information,
• Medical Information,
• Diagnosis Information,
• Health Insurance Group and Policy Numbers,
• Subscriber Numbers,
• Prescription Information.
Data breaches are serious matters that can cause long-term damage. Hackers break into networks to steal
your personal information, which they can sell on the dark web or use to commit identity theft, financial
theft, or other types of fraud.
Scammers send fake “data breach notices” that look identical to real ones, hoping you'll click
a link, hand over a Social Security Number, or pay a bogus “identity protection fee.” Real
breach notices and real settlement administrators never charge a fee, never ask for a wire transfer or
gift cards, and never pressure you to act in the next 24 hours.
Use this checklist before clicking anything:
• Verify the breach exists. Cross-check the breached company's name against the U.S. Department
of Health and Human Services Office for Civil Rights HIPAA Breach Portal (for healthcare breaches), the
California Attorney General's data breach list, the Maine Attorney General data breach notifications, or
the Washington State Attorney General data breach directory. Real breaches show up in at least one of
these public registries.
• Verify the settlement administrator. Real settlement administrators in the U.S. are typically
Kroll, Epiq, A.B. Data, Angeion, Atticus, JND Legal, Verita, Postlethwaite & Netterville, or
Settlement Services Inc. The official settlement website almost always uses a dedicated domain naming the
case (e.g., maxarsettlement.com, krispykremesettlement.com) — never a generic
“claim center” or shortened-URL link.
• Look up the case on PACER or the court website. Every legitimate class action has a docket
with the federal court (PACER, free state-court equivalents) under a real case number. If a notice
cites a case number, it is verifiable.
• Read OpenClassActions. If a settlement is real, we cover it on a dedicated page with the
class definition, claim form link, deadlines, and proof requirements. If you cannot find the breach in
our list above, search the company name on this site before submitting any information.
• Report suspected scams. Forward suspected phishing notices to ReportFraud.ftc.gov
and to your state attorney general. The FTC also operates IdentityTheft.gov for recovery
assistance if you've already been victimized.
Most data breach settlements use a tiered payout structure. Understanding which tier you qualify for is
usually the difference between a $30 check and a $5,000 reimbursement.
Tier 1 — Flat-rate or pro-rata cash (no proof). Every class member who submits a timely valid
claim gets a flat-rate payment (typically $30–$100) or a pro-rata share of whatever's left in the
fund after fees, administration, and Tier 2 reimbursements. Pro-rata means the per-person amount depends
on the total number of valid claims filed; if claim volume is low, this tier can be larger than the flat
rate. You usually need only a Class Member ID printed on your mailed/emailed notice.
Tier 2 — Documented out-of-pocket losses. Class members who can document expenses or losses
caused by the breach — unreimbursed fraud, credit-monitoring you paid for, lost time at $20–$25
per hour, professional fees — can claim reimbursement up to a per-class-member cap (typically
$2,500–$10,000). This tier requires receipts, statements, or sworn affidavits.
Tier 3 — Statutory state-law payments (overlay). Several recent settlements include a
California Consumer Privacy Act (CCPA) payment of approximately $100 for California residents (on top of
Tier 1 / Tier 2), and Illinois residents sometimes receive elevated amounts under the Biometric
Information Privacy Act (740 ILCS 14). Eligibility for these is automatic if you reside in the relevant
state during the class period.
Tier 4 — Credit monitoring (in-kind). Most settlements offer one to three years of free
credit monitoring with $1M in identity-theft insurance. This is in addition to cash, not instead of, and
claiming it does not reduce your other payments.
Credit monitoring is the most commonly offered non-cash settlement benefit, and it is meaningful —
but it is not identity-theft insurance in the way most consumers assume.
What credit monitoring does: alerts you when a new account is opened in your name, when there is a
hard inquiry on your credit file, or when significant changes occur (address change, late payment,
collections action). The included “up to $1M identity-theft insurance” reimburses
out-of-pocket recovery costs (legal fees, lost wages, postage, notarization), not the underlying loss
itself.
What it does not do: credit monitoring does not prevent identity theft. It does not unfreeze
stolen tax refunds, recover stolen Medicare or Medicaid benefits, undo synthetic-identity fraud against
relatives, or stop SIM-swap attacks on your phone number. For comprehensive protection after a breach,
the FTC's recommended steps are to place a free credit freeze with all three nationwide credit bureaus
(Equifax, Experian, TransUnion), file your taxes early, and enroll in the IRS Identity Protection PIN
program if you are eligible.
The global average cost of a data breach in 2025 reached $4.88 million, a 10% increase from the previous
year and the highest total ever recorded.
There were 2,741 publicly disclosed data breach incidents in the first half of 2025, affecting over 6.8
billion records.
Ransomware and extortion techniques were involved in about one-third of all breaches, representing 32% of
incidents studied.
The global annual cost of cybercrime is predicted to reach $9.5 trillion in 2025.
Many of these data breaches have resulted in large class action lawsuits and settlements that
compensate consumers who have been harmed by cybersecurity incidents.
Several of the largest data breaches disclosed in 2024 and 2025 are still working through the courts and
driving the current wave of class actions. Notable incidents include:
• AT&T (2024): approximately 73 million records exposed, affecting current and former customers.
• Ticketmaster / Live Nation (2024): approximately 560 million customer records exposed, including
payment information and personal details.
• Change Healthcare (2024): approximately 100 million Americans affected, one of the largest U.S.
healthcare data breaches on record.
• National Public Data (NPD, 2024): background-check broker breach exposed Social Security numbers
and addresses for hundreds of millions of records.
• Dell Technologies (2024): incident potentially affecting up to 49 million customers.
• Tile / Life360 (2024): approximately 450,000 records breached, including personal information
and device location data.
Key Findings About Data Breaches
A recent Verizon Data Breach Investigations Report revealed the following findings:
• 74% of breaches involved the exploitation of vulnerabilities as an initial access step, almost
triple the amount from the previous year.
• 39% of breaches involved a third party or supplier.
• 66% of financially motivated incidents involved ransomware or extortion.
• 74% of breaches involved a non-malicious human element, such as falling victim to
social engineering or making errors.
The most frequently breached sectors in the USA for 2025 included:
• Healthcare
• Education
• Finance
• Government
• Technology
Cybersecurity Trends
Ransomware remains a significant threat, with damages expected to reach $265 billion annually by 2031.
Supply chain attacks and third-party breaches continue to be a growing concern, adding to inflation worries
since the post-Covid era in the United States.
There has also been an increasing focus on protecting against vulnerabilities and addressing the human
element in cybersecurity, and on how consumers can redress and mitigate identity theft and financial damage
caused by the massive prevalence and acceleration of data breach incidents. Read below to learn how you
may be owed cash and what to do to keep data breaches from damaging your finances and well-being.
If you've received a data breach notice, the FTC and CISA recommend the following steps to limit damage and
preserve your eligibility for any class action settlement. The earlier you act, the easier it is to
document harm later.
- Confirm the breach is real. Cross-check the company name against the HHS HIPAA Breach Portal,
the California Attorney General's data breach list, or Maine AG breach notifications.
Real breaches show up in at least one public registry. If yours doesn't, treat the notice as suspect.
- Keep the original notice. Don't throw it away or delete the email. Most settlements require a
Class Member ID, Notice ID, or PIN printed on it — without it, the administrator's lookup process
is harder. Save a copy (photo, scan, or screenshot) before doing anything else.
- Change passwords for affected accounts. Use unique, randomly generated passwords stored in a
reputable password manager. Reusing the same password across sites is what turns one breach into many.
- Enable two-factor or multi-factor authentication (2FA/MFA). Prefer an authenticator app
(Google Authenticator, Authy, 1Password) or a hardware security key over SMS-based codes, which are
vulnerable to SIM-swap attacks.
- Place a free credit freeze with all three bureaus. A freeze is the single most effective
measure to prevent new-account identity theft, and it's free under federal law at Equifax, Experian,
and TransUnion. A freeze does not affect your credit score.
- Enroll in the IRS Identity Protection PIN. Tax-refund identity theft is one of the most common
post-breach harms. The IRS IP PIN program
blocks anyone without your six-digit PIN from filing a return in your name.
- Monitor your accounts and credit reports. Pull free reports at AnnualCreditReport.com
and scan for accounts you don't recognize, unfamiliar inquiries, or address changes you didn't authorize.
- Document any losses or unreimbursed time. Save bank statements, fraud-resolution call logs,
notarization fees, mileage to the bank or police station, and time spent on remediation. These records
are what unlock the documented-loss tier (typically $2,500–$10,000) of most data breach
settlements.
- Watch for phishing tied to the breach. Breach disclosures predictably trigger a wave of scam
calls, texts, and emails. Forward suspicious messages to ReportFraud.ftc.gov and to
your state attorney general; if you've already been victimized, start the recovery plan at
IdentityTheft.gov.
- File the class action claim before the deadline. The comparison table at the top of this page
tracks every open data breach settlement with its deadline, fund, payout tiers, and direct link to
OpenClassActions' page for that case. Most claim forms take five to fifteen minutes.
Qualifying for a data breach class action settlement comes down to three things, and they're the same
across virtually every settlement on this page:
- You received a data breach notice from the defendant company (by mail or email), or you
used the company's products or services during the class period defined in the settlement. Either path
can establish class membership.
- You can supply your Class Member ID, Notice ID, Claim ID, or PIN. Lost it? The settlement
administrator can look you up by name, last four of SSN, or email on file via the official settlement
website — we link the official site on each settlement's page.
- You file a valid claim form by the deadline. Late claims are not paid. Use the comparison
table at the top of this page to see which deadlines are coming up.
Every settlement linked from the
open settlements table above has a dedicated OpenClassActions page that
spells out that settlement's specific class definition, payout tiers, proof requirements, and direct link
to the official claim portal — bookmark this page and check back as new settlements are added each
month.
What is a data breach class action settlement?
A court-supervised resolution of a class action lawsuit alleging that a company's failure to safeguard
your personal information caused harm. The settlement creates a fund used to pay flat-rate cash,
pro-rata cash, documented out-of-pocket reimbursement, statutory state-law payments (e.g., $100 CCPA for
California), and credit monitoring to class members. You typically need to file a claim by the
deadline using a Class Member ID printed on your mailed or emailed notice.
Do I need proof of harm to file a data breach claim?
No, not for the basic cash tier. Most data breach settlements pay a flat-rate or pro-rata cash
amount (typically $30–$100) to every class member who submits a timely claim, with only the
Class Member ID required. Proof — receipts, fraud statements, bank records — is required
only if you want to claim the higher documented-loss reimbursement tier (often capped at $2,500 to
$10,000).
How do I know if I'm eligible?
If the breached company sent you a written notice (mail or email), you are almost certainly a member
of the class. The notice will include a Class Member ID or Notice ID. If you didn't receive a notice
but you used the company's services during the class period, you may still qualify; check the
settlement page on this site or the official administrator's website for the class definition.
How long do data breach settlements take to pay out?
Typically nine to eighteen months after the claim deadline. The court must hold a final approval
hearing (usually 30–90 days after the deadline), wait through any appeal period (typically 30
days), and then the administrator processes claims and mails or e-deposits payments. Larger
settlements with thousands of claims can take longer.
Will filing a claim affect my credit score?
No. Filing a class action claim has no effect on your credit. Accepting the included credit
monitoring also has no effect — it's a soft pull only.
Is there a cost to file a claim?
No. Class action claim forms are always free. If anyone asks for a fee, processing charge, or
“release fee” to claim a settlement, it is a scam. Report it at ReportFraud.ftc.gov.
What if I lost my notice and don't have my Class Member ID?
Contact the settlement administrator through the official settlement website. Most administrators
will look up your ID by name, last four of SSN, or email on file. The settlement page on this site
links to the official administrator for each case.
Can I sue separately if I opt out of the settlement?
Yes. Every class action settlement includes an opt-out (exclusion) deadline. Class members who
properly opt out keep the right to sue the company individually for the same conduct. Once the
opt-out deadline passes, your right to file a separate lawsuit is permanently released.
Primary federal and state-government sources used to verify breaches, settlement administrators, and
class definitions on this page: