Open data breach class action settlements
Class action settlements from data breaches and security incidents that exposed consumers' personal information.
WISP, Inc. Data Privacy Settlement
WISP, Inc. allegedly disclosed customers' personal information to third parties through Meta Pixel and other tracking, analytics, and advertising technologies without consent, violating privacy laws including the Florida Security of Communications Act, California Invasion of Privacy Act, and Electronic Communications Privacy Act. The defendant denies all claims but agreed to settle to avoid ongoing litigation costs and uncertainties.
Up to $18
Chattanooga Heart Institute Data Breach Settlement
Memorial Heart Institute experienced a cybersecurity incident between March 8 and March 16, 2023, which may have resulted in unauthorized access to or acquisition of individuals' private information including names, addresses, email, phone numbers, dates of birth, driver's license numbers, Social Security numbers, account information, health insurance information, diagnosis/condition information, lab results, and medications.
TRISTAR Data Breach Settlement
TRISTAR Insurance Group, Inc. experienced a data breach in November 2022 where unauthorized access occurred to certain customer information. TRISTAR denies all claims and wrongdoing, and the settlement is not an admission of liability but rather a settlement of disputed claims.
Richard Teague v. AGC America Data Breach Settlement
AGC America, Inc. experienced a December 2023 targeted cyberattack in which a third party gained unauthorized access to certain of the company's systems and may have accessed individuals' personal information including names, addresses, dates of birth, Social Security numbers, driver's license numbers, financial account information, passports, payment card numbers, company network login credentials, and limited health insurance plan enrollment information. AGC denies any liability or wrongdoing.
Maxar Data Security Breach Settlement
Maxar's computer systems were compromised in a cyberattack occurring around October 2024. Files containing private information including names, Social Security numbers, home addresses, gender, employment information, and business contact information were accessed. Maxar denies wrongdoing, and the court has not yet decided the case.
Chapple v. Cross Valley Federal Credit Union Data Breach Settlement
Cross Valley Federal Credit Union experienced a cyberattack on its computer systems in December 2024. Certain files containing private information became accessible, potentially including full names, addresses, and Social Security numbers. The defendant denies wrongdoing, and the parties agreed to settle to avoid litigation costs and risks.
Amy Walker v. New River Electrical Corp. Data Breach Settlement
Cybercriminals gained unauthorized access to New River Electrical Corporation's network during April-May 2024, potentially accessing and acquiring files containing the private information of approximately 9,845 individuals. The defendant denies all charges of wrongdoing or liability and states the settlement is not an admission of wrongdoing.
First Financial Security Data Breach Settlement
In 2023, cybercriminals bypassed First Financial Security's cybersecurity systems and executed a ransomware attack, encrypting data. The plaintiff alleges the breach gave criminals access to consumers' personal information including names, dates of birth, and Social Security Numbers, as well as protected health information. First Financial denies any wrongdoing.
Gill Corporation Data Breach Settlement
The Gill Corporation experienced a data breach on or about June 23, 2024, which was publicly disclosed in September 2024. The breach potentially compromised customers' personal information. The Defendant denies liability but agreed to settle the lawsuit to avoid the costs and risks of continuing the case.
Youth and Shelter Services Data Incident Settlement
Youth and Shelter Services, Inc. experienced a cybersecurity incident in September 2023 in which certain files containing private information were potentially accessed. The data potentially compromised includes names, dates of birth, Social Security numbers, driver's license numbers, financial account information, medical information, health insurance information, billing & claims information, passport numbers, and other government-issued identification numbers. The Defendant denies wrongdoing.
Thriveworks Privacy Settlement
Thriveworks disclosed sensitive information and private communications from its website to Google and LinkedIn without user consent, allegedly violating state and federal law. Thriveworks denies any violations but agreed to settle to avoid litigation costs and uncertainties.
Up to $10
Union Bank and Trust Company Data Breach Settlement
Union Bank and Trust Company experienced a MOVEit security incident between May 27-31, 2023 that potentially exposed customers' personally identifiable information. The defendant denies any wrongdoing but has agreed to settle the lawsuit.
$100–$10,000
Shea v. American International College Data Breach Settlement
American International College experienced a targeted cyberattack on its computer systems in November 2023. The attack compromised certain files containing private information including Social Security numbers, dates of birth, and financial information. AIC denies wrongdoing, and the parties have agreed to settle to avoid the costs, risks, and uncertainties of continued litigation.
Enroll Confidently Data Breach Settlement
Enroll Confidently Inc. experienced a data incident on or about February 13, 2024, that resulted in potential temporary unauthorized access to or acquisition of Settlement Class Members' Private Information, including names, addresses, Social Security numbers, dates of birth, health insurance and benefit information, and medical information.
$100–$3,500
Thompson Coburn LLP Data Breach Settlement
Thompson Coburn LLP experienced a targeted cyberattack on its computer systems in May 2024 that compromised personal information including names, dates of birth, health information, Social Security numbers, passport numbers, and drivers' license information. Thompson Coburn denies wrongdoing, and the parties have agreed to settle to avoid ongoing litigation costs and uncertainties.
Gandara Mental Health Center Data Breach Settlement
Gandara Mental Health Center suffered unauthorized third-party access to its network, discovered on or around June 20, 2024, compromising private information of individuals. The defendant has agreed to implement appropriate security measures and pay for costs of notice, administrative expenses, service awards, and attorneys' fees.
SAG-AFTRA Health Plan Data Breach Settlement
SAG-AFTRA Health Plan experienced a data breach between September 17-18, 2024, in which personal information of plan members may have been compromised. The defendant denies any wrongdoing.
Up to $5,000
Alpine Ear, Nose, & Throat Data Breach Settlement
Alpine Ear, Nose, & Throat, PLLC experienced a targeted third-party cyberattack on its network in October 2024. Certain files containing private patient information may have been accessible as a result of this data incident.
Fidelity Investments Data Breach Settlement
Between August 17-19, 2024, a third party accessed and obtained certain financial information without authorization on Fidelity's computer network, compromising financial account and routing numbers. Fidelity denies wrongdoing, and the parties have agreed to settle to avoid litigation costs and risks.
PowerSchool Naviance Data Interception Settlement
PowerSchool, Hobsons, Heap, and Chicago Public Schools allegedly illegally intercepted students' confidential and sensitive communications while using the Naviance educational technology platform, violating wiretapping and privacy laws. The defendants deny wrongdoing but agreed to settle to avoid litigation expenses and uncertainties.
Pro rata share of the Settlement Fund (equal share among all approved claims)
Belle Tire Data Breach Settlement
Belle Tire Distributors, Inc. experienced a targeted cyberattack on its computer systems in June 2024 in which certain files containing private information were accessed. These files may have contained personal information such as names, addresses, dates of birth, social security numbers, and driver's license numbers. Belle Tire denies doing anything wrong.
Continental Cafe Holdings Data Incident Settlement
Continental Cafe Holdings, LLC experienced a cybersecurity event called the "Data Incident" that affected individuals' personal information. The company is settling a class action lawsuit brought by affected individuals by offering benefits including compensation for documented losses, credit monitoring services, and cash payments.
$0–$750
One Point HR Solutions Data Breach Settlement
One Point HR Solutions experienced a data incident between July 3, 2023, and February 14, 2024, in which personal information of individuals was potentially compromised. One Point has agreed to settle the class action lawsuit by providing benefits to class members and implementing security enhancements.
Bray International Inc. Data Incident Settlement
Bray International Inc. experienced a data security incident in April 2024 that affected certain information on their network. Certain files containing private information, including names, Social Security numbers, and/or driver's license numbers, were potentially accessed. Bray International denies all claims and allegations of wrongdoing.
Nth Degree Data Security Incident Settlement
Nth Degree, Inc. experienced a data security incident in December 2024 that resulted in private information stored in the company's computer systems being accessed or acquired without authorization. The lawsuit seeks settlement on behalf of affected individuals.
Barefoot Dreams Privacy Settlement
Barefoot Dreams disclosed customers' personal information to third parties through Meta Platforms and Attentive Mobile tracking technologies without consent, allegedly violating privacy laws including the Florida Security of Communications Act, Electronic Communications Privacy Act, and California Invasion of Privacy Act. The defendant denies all claims and maintains it did nothing wrong but agreed to the settlement to avoid litigation costs.
Up to $8
Leo Hamel Fine Jewelers Data Breach Settlement
Leo Hamel Fine Jewelers failed to properly secure and safeguard employees' personal information, which was accessed by an unauthorized person in a cybersecurity incident on or about November 10, 2022. The company denies the allegations and contends it was complying with applicable state law.
Up to $25
Esse Health Data Breach Settlement
Esse Health experienced a cyberattack on its computer systems in April 2025 that potentially compromised personally identifiable information and protected health information of patients, including names, addresses, dates of birth, health insurance information, Social Security numbers, medical record numbers, and certain health information. Esse Health denies it did anything wrong.
Fitzgerald Wealth Management Data Breach Settlement
Fitzgerald Wealth Management, LLC experienced a data incident in April 2025 that affected its computer systems. Certain files containing personal information were accessed. The defendant denies wrongdoing, and the parties have agreed to settle to avoid litigation costs and uncertainties.
Robbie D. Wood Data Breach Settlement
Robbie D. Wood, Inc. experienced a targeted cyberattack in October 2024 that compromised their computer systems and exposed files containing personal information including names, dates of birth, driver's license numbers, financial account information, medical information, and Social Security numbers. The defendant denies wrongdoing, and a settlement has been reached to resolve the class action lawsuit.
LA Financial Data Breach Settlement
LA Financial Federal Credit Union experienced a data breach on or about June 10, 2024, that compromised the personally identifiable information (PII) of settlement class members. The compromised data may have included names, dates of birth, Social Security numbers, driver's license numbers, passport numbers, account numbers, and other sensitive information. The defendant has agreed to a $725,000 settlement to resolve claims related to this breach.
$50–$5,100
Motility Data Breach Settlement
Motility Software Solutions suffered a cybersecurity incident in August 2025 that resulted in potential unauthorized access to or acquisition of customers' private information, including names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, and driver's license numbers. The company has agreed to settle the class action without admitting wrongdoing.
$75–$5,000
LCPtracker Data Breach Settlement
LCPtracker suffered a targeted cyberattack on its computer systems in August 2024 in which certain files containing private information were accessed, including names and Social Security numbers. LCPtracker denies any wrongdoing, and the lawsuit has been settled to avoid further litigation costs and uncertainties.
Triage Staffing Data Breach Settlement
Triage Staffing experienced an unauthorized intrusion into its computer systems in May 2025, which resulted in the potential access of files containing private information including names, addresses, dates of birth, and Social Security numbers. Triage denies any liability or wrongdoing, and the parties have agreed to settle the lawsuit to avoid costs, risks, and uncertainties of continuing litigation.
Onsite Mammography Data Breach Settlement
An unauthorized third party gained access to one Onsite Mammography employee's email account in October 2024, and an investigation determined that certain files containing Settlement Class Members' personally identifiable information and protected health information may have been impacted. The defendant denies any wrongdoing and denies liability but has agreed to settle the lawsuit.
Pro Rata Cash Payment and reimbursement for out-of-pocket losses; Credit and Medical/Healthcare Data Monitoring and Insurance Services also available
Flagstar Data Breach Settlement
Flagstar Bank experienced two data breaches in January 2021 and December 2021 that impacted the personal information of approximately 2.2 million U.S. consumers, including about 364,000 California residents. The settlement resolves claims related to these breaches. Flagstar denies any wrongdoing.
$60–$599
Deanco Healthcare Data Breach Settlement
On May 1, 2023, Deanco Healthcare experienced a cybersecurity attack that compromised its IT network. A threat actor accessed database files containing sensitive personal information including addresses, dates of birth, Social Security numbers, driver's license numbers, financial account information, health insurance plan member IDs, claims data, and clinical information. Deanco has agreed to settle the resulting class action litigation.
$100–$5,000
St. Joseph Hospital Pixel Settlement
St. Joseph Hospital of Nashua, N.H. allegedly unlawfully collected, used, and disclosed personally identifiable information and protected health information of persons who used a MyChart patient portal account. The Defendant denies these allegations and denies all wrongdoing.
Up to $50
Oak View Group Data Breach Settlement
Oak View Group, LLC experienced a targeted cyberattack on its computer systems in November 2023 that compromised private information. The attack accessed files containing personal information such as full names, dates of birth, Social Security numbers, demographic information, and driver's license or state or federal identification. Oak View denies wrongdoing, and the company has agreed to settle to avoid the costs and risks of continuing litigation.
Williams v. Duke University Health System Settlement
The plaintiff claims Duke University Health System used a tracking tool on its website that disclosed personal or health-related information to a vendor when users accessed the Duke MyChart Patient Portal or MyDuke Health mobile app. Duke denies any wrongdoing and the court has not ruled that the defendant did anything wrong.
Riley, Pope & Laney Data Breach Settlement
Riley, Pope & Laney, LLC experienced a targeted cyberattack on its computer systems in August 2024. The attack compromised files containing private information, including first name or first initial and last name, and Social Security numbers.
Alta Resources Corp. Data Breach Settlement
In November 2023, Alta Resources Corp. suffered a targeted cyberattack on its computer systems where certain files containing private information were accessed. The files may have contained personal information such as names, Social Security numbers, financial account information, taxpayer identification numbers, government-issued identification, and protected health information including health insurance and medical information. Alta denies wrongdoing, and the court has not decided who is right.
GeoLogics Corporation Data Breach Settlement
GeoLogics Corporation experienced a targeted cyberattack on its computer systems in December 2023 that compromised private information files. The files may have contained personal information including names, addresses, phone numbers, dates of birth, photo identification, driver's licenses, and Social Security numbers. GeoLogics denies wrongdoing.
Bradford Health Data Incident Settlement
Bradford Health Services, LLC and Bradford Health Partners, LLC experienced a cybersecurity incident in November 2023 that resulted in unauthorized access to or acquisition of settlement class members' private information, including names, dates of birth, government IDs, Social Security numbers, medical information, health insurance information, and financial information. The defendants are paying $900,000 to settle the class action lawsuit and are implementing additional security measures.
$150–$5,000
EMM Loans Data Breach Settlement
EMM Loans, LLC experienced a targeted cyberattack on its computer systems in February 2024 that resulted in unauthorized access to files containing personal information including names, Social Security numbers, driver's license numbers, and passport numbers. The defendant denies wrongdoing, and the parties have agreed to settle to avoid the costs and risks of continued litigation.
Ciuni & Panichi Data Breach Settlement
In November 2024, unauthorized individuals accessed a Ciuni & Panichi database containing personal information including names, Social Security numbers, and dates of birth. The defendant denies wrongdoing, but agreed to settle the class action lawsuit to end the litigation.
$125–$5,000
Datavant Data Security Incident Settlement
A phishing email attack allegedly allowed unauthorized access to a Datavant company email account between May 8, 2024 and May 9, 2024, potentially exposing certain personal information. Datavant denies any wrongdoing.
Wright Brothers Construction Company Data Breach Settlement
Wright Brothers Construction Company experienced a targeted cyberattack on its computer systems in April 2024. Files containing private information, such as names and Social Security numbers, were accessed during this data incident. Wright Brothers denies wrongdoing, and the court has not made a determination on the merits.
WaterStreet Company Data Breach Settlement
WaterStreet Company experienced a cyber incident on March 17, 2025 (the "Data Incident") that resulted in unauthorized access to files containing private information. The exposed information included names along with one or more of the following: taxpayer identification numbers, bank account information, and/or Social Security numbers. WaterStreet denies doing anything wrong, and the parties agreed to settle the lawsuit to avoid the costs and risks of continuing litigation.
Mt. Baker Imaging Data Security Settlement
Mt. Baker Imaging and Northwest Radiologists experienced a ransomware attack between January 20-25, 2025, in which cybercriminals accessed and exfiltrated personally identifiable information (PII) and protected health information (PHI) affecting approximately 340,184 class members. Plaintiffs allege the defendants failed to implement and maintain necessary data security safeguards. Defendants deny wrongdoing but agreed to settle to avoid continued litigation.
Up to $5,000
Shahbaz v. Compex Legal Services Cyber Incident Settlement
An unauthorized user gained access to Compex Legal Services' systems in a cyber incident discovered in April 2024, potentially impacting personally identifiable information and protected health information. The defendant agreed to settle the resulting class action claims without admitting wrongdoing.
$100–$5,200
Legends Hospitality Data Breach Settlement
Legends Hospitality, LLC suffered targeted cyberattacks on its computer systems in November 2024, December 2024, and January 2025. Certain files containing private information such as names, dates of birth, Social Security numbers, driver's license numbers, government ID numbers, financial information, medical information, and health insurance information were accessed. Legends Hospitality denies any wrongdoing.
Wyssta Services Delta Dental Privacy Settlement
Wyssta Services allegedly installed and implemented advertising and analytics tracking technologies, such as cookies and pixels, on the Delta Dental website my.deltadentalcoversme.com without users' knowledge or consent, potentially violating the Electronic Communications Privacy Act and Illinois Eavesdropping Statute. The defendant denies all allegations and wrongdoing. The parties have agreed to settle to avoid the costs and risks of continuing the lawsuit.
OBI Seafoods Data Incident Settlement
OBI Seafoods experienced a targeted cyberattack on its computer systems in August 2024. Files containing private information including names, Social Security numbers, addresses, dates of birth, medical information, health insurance details, government identifiers, and bank account information were accessed. OBI denies wrongdoing, and the parties agreed to settle to avoid litigation costs and uncertainties.
Marlboro-Chesterfield Pathology Data Breach Settlement
Marlboro-Chesterfield Pathology's computer systems were breached on or around May 22, 2025, compromising patients' personally identifiable information and protected health information including names, dates of birth, Social Security numbers, and medical information. The lawsuit alleges the company failed to properly secure and safeguard this sensitive data. The defendant denies any wrongdoing.
$10–$1,000
Valladolid v. Memorial Health Services Data Privacy Settlement
Memorial Health Services allegedly disclosed patients' personally identifiable information to third parties through the Meta Pixel and other tracking, analytics, and advertising technologies without consent, violating the California Invasion of Privacy Act. The defendant denies all claims and maintains it did nothing wrong but agreed to settle to avoid the expense and burden of continuing the case.
Machado v. CR&R Incorporated Data Breach Settlement
CR&R Incorporated experienced a targeted cyberattack on its computer systems on or about December 13, 2022. Certain files containing private information were accessed, potentially including names, Social Security numbers, financial account information, and health insurance information. CR&R denies wrongdoing, and the settlement was reached to avoid the costs and risks of continuing litigation.
Lakeview Health Systems Data Breach Settlement
Lakeview Health Systems suffered a targeted cyberattack on its computer systems in January 2024. Certain files containing private information such as names, addresses, Social Security numbers, driver's license numbers, financial account numbers, patient IDs, medical treatment information, diagnoses, prescription information, and health insurance information were accessed. Lakeview Health denies wrongdoing, but has agreed to settle to avoid the costs and uncertainties of continuing litigation.
McKenzie Memorial Hospital Data Breach Settlement
McKenzie Memorial Hospital experienced a targeted cyberattack on its computer systems in April 2025 that compromised files containing private information. The files may have included personal data such as names, addresses, dates of birth, Social Security numbers, patient account numbers, medical record numbers, and diagnosis and treatment information. McKenzie denies any wrongdoing.
Advanced Recovery Data Settlement
Advanced Recovery Equipment & Supplies, LLC experienced unauthorized access to its systems and files containing sensitive personal information, which was discovered in October 2024. The defendant denies any wrongdoing.
$50–$3,500
Hillcrest Convalescent Center Data Breach Settlement
A cyberattack on Hillcrest Convalescent Center's computer systems occurred in June 2024 that may have resulted in unauthorized access to and acquisition of private information including names, addresses, financial account information, dates of birth, driver's license numbers, Social Security numbers, government-issued ID numbers, medical treatment information, health insurance information, and provider information. Hillcrest denies wrongdoing, and the parties agreed to settle to avoid costs and risks of continued litigation.
KYB Americas Corporation Data Incident Settlement
KYB Americas Corporation experienced a targeted data security incident on its computer systems in February 2025 in which certain files containing personal information were potentially accessed. KYB denies it did anything wrong, and the parties have agreed to settle the lawsuit to avoid the costs, risks, and uncertainties of continuing litigation.
Backchecked Data Breach Settlement
Backchecked, LLC was targeted by a cyberattack in September 2024 that compromised its computer systems. Certain files containing private information—including names, addresses, dates of birth, Social Security numbers, and driver's license numbers—may have been accessed. Backchecked denies any wrongdoing.
Henderson & Walton Women's Center Data Breach Settlement
Henderson & Walton Women's Center's computer systems experienced unauthorized access containing personal and protected health information between February 11, 2022, and February 14, 2022. The company has agreed to provide settlement benefits to affected individuals.
Berman & Rabin Data Breach Settlement
Berman & Rabin, P.A. suffered a cyberattack on its computer systems in July 2024 in which certain files containing private information were potentially accessed. The compromised information may have included names, Social Security numbers, drivers' license numbers, financial information, medical information, and health insurance information. The defendant denies wrongdoing, but has agreed to settle to avoid litigation costs and risks.
FMC Services Data Breach Settlement
FMC Services, LLC experienced a data incident on or about July 26, 2022, when an unauthorized third party compromised personally identifiable information and personal health information of settlement class members. The company denies that any information was actually acquired.
FitOn VPPA Settlement
FitOn Inc. allegedly disclosed subscribers' personally identifiable information to third parties without consent, violating the Video Privacy Protection Act (VPPA), which protects information about what video materials users have watched. FitOn denies that it violated any law.
Up to $10
Urban One Data Breach Settlement
Urban One's computer systems experienced a targeted cyberattack in March 2025 that resulted in unauthorized access to certain files containing personal information. The defendant denies wrongdoing, and the parties agreed to settle to avoid the costs and risks of continued litigation.
AOD Federal Credit Union Data Incident Settlement
AOD Federal Credit Union experienced unauthorized access to its network from August 8-9, 2024, potentially exposing settlement class members' private information including names, Social Security numbers, financial account numbers, and other personally identifiable information. The defendant denies any wrongdoing and the court has not decided who is right.
$75–$5,000
Crimson Wine Group Data Breach Settlement
Crimson Wine Group, Ltd. experienced a targeted cyberattack in or about June 2024 that accessed certain files containing private information, including names, Social Security numbers, and financial account information. The defendant denies wrongdoing, and the parties agreed to settle to avoid the costs and risks of continuing litigation.
Serviceaide Data Breach Settlement
Serviceaide, Inc.'s computer systems and network were compromised by unauthorized access between September 19, 2024, and November 5, 2024. This data breach exposed the private information of current and former patients of Catholic Health. The lawsuit alleges negligence, breach of implied contract, unjust enrichment, and invasion of privacy. The defendant denies all wrongdoing.
MOVEit Data Breach Settlement - Greater Rochester Independent Practice Association
GRIPA improperly secured personally identifiable information and protected healthcare information (names, dates of birth, Social Security numbers, health information, insurance information, and pharmacy data) through a vulnerable third-party file transfer software called MOVEit Transfer. A data breach occurred in May 2023 that exposed this information entrusted to GRIPA.
$100–$10,000
Omni Healthcare Data Breach Settlement
In January 2024, an unauthorized third party accessed files on Omni Healthcare's network through a cyberattack. The files contained personal information including names, dates of birth, medical record numbers, treatment information, and in some cases Social Security numbers, health insurance, and financial account information. Omni Healthcare denies any wrongdoing.
Abbott Laboratories Employees Credit Union Data Breach Settlement
In August 2024, Abbott Laboratories Employees Credit Union experienced a targeted cyberattack on its computer systems. The attack compromised certain files containing private information including names, financial account information, and Social Security numbers. The defendant denies wrongdoing, but the parties settled to avoid ongoing litigation costs and risks.
Gas Express Data Breach Settlement
In May 2024, Circle K suffered a targeted cyberattack on its computer systems. Certain files containing private information, including names and Social Security numbers, were accessed. Circle K denies wrongdoing and the Court has not decided the merits of the case.
Doe v. Okanogan Behavioral Healthcare Data Breach Settlement
Okanogan Behavioral Healthcare experienced unauthorized access to its systems in May 2024, exposing patients' sensitive personal information including names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical information, and health insurance information. OBHC denies any wrongdoing.
$50–$5,350
Labcorp Data Breach Settlement
Laboratory Corporation of America Holdings (Labcorp) experienced a data breach affecting customers who received diagnostic services. The company is settling a lawsuit related to this alleged data breach with a $35 million settlement fund.
Lucent Health Solutions Data Breach Settlement
Lucent Health Solutions suffered a targeted cyberattack in October 2023 that compromised its computer systems. Certain files containing private information including names, dates of birth, and health insurance policy details may have been accessed.
Banner Health Data Breach Settlement
Banner Health disclosed patients' personally identifiable information and protected health information to third parties like Meta and Google through tracking technologies installed on its website and patient portal. Plaintiffs alleged this resulted in invasion of privacy and statutory violations. Banner denies all allegations of liability and wrongdoing.
Up to $20
Parks Heritage Federal Credit Union Data Breach Settlement
Parks Heritage Federal Credit Union experienced a targeted cyberattack on its computer systems in July 2024 in which private files were accessed. These files may have contained personal information including names, Social Security numbers, financial information, credit card numbers, and debit card numbers. Parks Heritage denies wrongdoing.
Lemonade Data Disclosure Settlement
Lemonade's online insurance quote platform experienced an unauthorized data exposure between April 2023 and September 18, 2024, compromising personal information such as driver's license numbers. Lemonade has agreed to settle the class action lawsuit related to this data incident.
Allina Pixel Settlement
Allina Health System allegedly disclosed certain personal or health-related information to third parties when users accessed the health system's websites or webpages. Allina Health System denies these allegations.
Pineland Community Service Board Data Breach Settlement
Pineland Community Service Board experienced a cybersecurity incident from November 2024 to January 2025 that resulted in potential unauthorized access to or acquisition of settlement class members' private information, including names, dates of birth, Social Security numbers, and medical information. The defendant denies any wrongdoing or liability, but agreed to settle to avoid the risk, cost, and time of continuing the lawsuits.
STIIIZY Data Breach Settlement
STIIIZY, Inc. experienced a data breach in October 2024 where personal information and private health information was stolen from the company's servers. The data breach was announced on January 7, 2025. STIIIZY denies all allegations and liability.
Schuster Data Breach Settlement
In January 2024, Schuster Company experienced a cybersecurity incident that may have exposed Personal Information from their computer systems. Files potentially accessed contained names, Social Security numbers, dates of birth, and driver's license or state identification information. Schuster denies wrongdoing and the parties agreed to settle to avoid litigation costs and uncertainties.
Comcast Data Breach Settlement
In October 2023, Comcast experienced a data breach where a third party gained unauthorized access to customers' personal information. The settlement compensates affected customers, though Comcast denies engaging in wrongdoing or violating any law.
Murphy v. Western Montana Clinic Data Breach Settlement
Western Montana Clinic experienced a data breach between March 11, 2025 and April 15, 2025, in which an unauthorized third party accessed a WMC employee email account containing personal health information.
Aspire Health Alliance Data Breach Settlement
Aspire Health Alliance suffered a targeted cyberattack on its computer systems in September 2023. Certain files containing private information were potentially accessed, including personal information such as names, dates of birth, dates of medical services, health insurance policy numbers, physician information, medical condition or treatment information, and Medicare or Medicaid numbers. Aspire denies wrongdoing, and the parties have agreed to settle to avoid further litigation costs and risks.
American Consumer Credit Counseling Data Breach Settlement
In January 2025, American Consumer Credit Counseling, Inc. experienced a cybersecurity incident in which a criminal third party gained unauthorized access to certain employee email accounts. The personal information of certain individuals may have been impacted, potentially including names, Social Security numbers, driver's license numbers, financial account numbers, and payment card information. ACCC denies it did anything wrong.
Naper Grove Vision Care Data Breach Settlement
Naper Grove Vision Care suffered a targeted cyberattack on its computer systems in May 2025. Files containing private information, including names combined with Social Security numbers and other non-public personally identifiable information, were accessed. The defendant denies wrongdoing, and the parties agreed to settle to avoid the costs and risks of continued litigation.
Columbus Regional Health Data Breach Settlement
Columbus Regional Health allegedly disclosed confidential personally identifiable information (PII) and protected health information (PHI) to third-party technologies without patient consent. Columbus Regional denies all claims but agreed to settle to avoid litigation costs and uncertainties.
Up to $25.50
Mount Sinai Medical Center Data Breach Settlement
Mount Sinai Medical Center of Florida disclosed personally identifying information and protected health information of patients to third parties through tracking, analytics, and advertising technologies on its website and patient portal between June 2021 and September 2025.
Up to $20
Central Valley Meat Co. Data Breach Settlement
Central Valley Meat Co.'s computer systems were compromised in May 2024, and files containing private information including names and Social Security numbers may have been accessed. Central Valley denies wrongdoing.
Amy Crull v. University of St. Thomas Data Breach Settlement
Unauthorized access to the University of St. Thomas network between July 25 and August 12, 2025 compromised personal information including credit card numbers, bank account information, Social Security numbers, passports, licenses, login credentials, addresses, email addresses, phone numbers, and donor information. UST disputes the claims and denies wrongdoing.
$50–$5,100
Physicians' Primary Care Data Incident Settlement
Physicians' Primary Care of Southwest Florida suffered a targeted cyberattack in September 2024 that compromised computer systems and exposed files containing private information. The exposed data may have included names, Social Security numbers, and protected health information. The defendant denies wrongdoing.
ApolloMD Data Breach Settlement
An unauthorized third party accessed and/or acquired files containing Private Information of patients treated by ApolloMD's affiliated physicians and practices in a data security incident on or around May 22, 2025. The Defendant denies these claims and maintains it did not do anything wrong.
Healthcare Services Group Data Breach Settlement
A cybersecurity incident occurring on or around September 27, 2024, potentially exposed employee personally identifiable information including names, Social Security numbers, driver's license numbers, state identification numbers, financial account details, full access credentials, and medical and health insurance information. HCSG denies any wrongdoing.
Up to $5,000
Total Vision Data Breach Settlement
Total Vision, LLC suffered a data security incident on October 30, 2020, affecting patients' and others' information. Plaintiffs claim Total Vision did not adequately protect this information. The defendant denies any wrongdoing, and no judgment of wrongdoing has been made.
Up to $1,000
Flo Period Tracker App Data Privacy Settlement
Flo Health Inc. operated a period and ovulation tracking app that allegedly shared users' menstruation and pregnancy information with third-party software development kits from Google, Flurry, and Meta between November 2016 and February 2019. The plaintiffs claimed this sharing violated privacy laws. Flo, Flurry, and Google deny any wrongdoing and agreed to settle to avoid further litigation costs and uncertainty.
Lands' End Data Breach Settlement
Lands' End experienced a data security incident in December 2024 that compromised customer information. Certain files containing personal information such as names, dates of birth, Social Security numbers, driver's license/passport information, and in limited cases medical information were potentially accessed. Lands' End denies wrongdoing.