Every year, hundreds of millions of Americans have their personal data exposed in corporate data breaches. And every year, the companies responsible pay out billions of dollars in class action settlements — much of it unclaimed because people simply don't know they qualify.

In 2025 alone, data breach settlements exceeded $6.2 billion across thousands of cases. The average individual payout ranged from $25 to $500, with documented-harm claimants sometimes receiving thousands. This guide explains everything you need to know to collect what you're owed.

See which data breach settlements are currently accepting claims. Browse Open Data Breach Settlements →

What Is a Data Breach Settlement?

When a company suffers a data breach — whether through hacking, negligence, or poor security practices — the people whose data was exposed can sue for damages. Because these cases affect thousands or millions of people simultaneously, they're filed as class action lawsuits.

Rather than fight these cases to trial (which is expensive and uncertain), companies typically negotiate a settlement. This settlement creates a fund that eligible class members — meaning anyone whose data was exposed — can claim from.

Who Typically Files Data Breach Class Actions?

Data breach class actions are filed by private attorneys who specialize in consumer protection law. They investigate breaches, gather evidence, and file suit on behalf of all affected consumers. These attorneys typically work on contingency — meaning they only get paid if the case settles or wins at trial.

You don't need a lawyer to file your individual claim. Once a settlement is reached, the settlement administrator sends notices and opens a claim portal that anyone in the class can use.

How Data Breach Settlements Work: Step by Step

Step 1: The Breach Occurs

A company experiences a security incident. Under federal and state law, most companies are required to notify affected customers within a specific timeframe — typically 30 to 60 days.

Step 2: Class Action Is Filed

Attorneys file a lawsuit on behalf of all affected individuals. Multiple similar lawsuits are often consolidated into a single class action in federal court.

Step 3: Settlement Negotiations

Both sides typically engage in settlement negotiations rather than go to trial. Settlements are common because they provide certainty for companies and faster compensation for consumers.

Step 4: Preliminary Approval & Notice

A judge reviews and preliminarily approves the settlement terms. A settlement administrator is appointed to notify class members via email, mail, or published notice.

Step 5: Claims Filing Period

Class members have a window — typically 60 to 180 days — to submit their claims. This is when you file your claim online or by mail.

Step 6: Final Approval & Distribution

After the claims period closes, a judge holds a final approval hearing. If approved, payments are distributed. This process typically takes 3 to 18 months from settlement announcement.

What Do Data Breach Settlements Typically Pay?

Payouts vary dramatically based on several factors:

  • No-proof "time spent" claims: $25–$100 per person
  • Documented out-of-pocket losses (bank fees, credit monitoring costs): up to $500
  • Identity theft or fraud victims: up to $5,000 or more
  • California residents (stronger privacy laws): often receive higher payouts

One important nuance: when settlement funds aren't fully claimed, individual payouts often go up. If 20% of eligible people file claims instead of 100%, each person who did file gets a proportionally larger share.

Use our free calculator to estimate your potential payout. Try the Settlement Payout Calculator →

Do You Need Proof to File a Data Breach Claim?

Usually not. Most data breach settlements have two tiers:

Tier 1 — No Proof Required: Simply certify that your data was exposed and you spent some time dealing with the breach (changing passwords, monitoring accounts, etc.). Typically pays $25–$75.

Tier 2 — Documented Losses: Submit receipts, bank statements, or other documentation showing actual financial harm. Pays more but requires evidence.

For most people, the no-proof tier is the right choice. It's faster, simpler, and still pays real money.

See all no-proof data breach settlements currently open →

How to Find Out If You're Included in a Settlement

There are several ways to find out if you're eligible for a data breach settlement:

  1. Check your email: Settlement notices are sent to the email address on file with the breached company.
  2. Search by company name: If you know you were a customer of a company that had a breach, search for their settlement specifically.
  3. Use SettlementRadar's eligibility checker: Enter your email and we'll cross-reference it against known breach datasets.
  4. Check haveibeenpwned.com: This free service shows you which known breaches included your email address.

Keep in mind: even if you didn't receive a notice, you may still qualify. Notices go missing, get filtered as spam, or go to outdated email addresses. Check even if you weren't notified.

Check if your email was exposed in any known data breach. Run Free Breach Check →

Major Data Breach Settlements Still Accepting Claims in 2026

The following types of breaches have historically generated large settlement funds. Search our database for current cases:

  • Healthcare data breaches — hospitals, insurance companies, pharmacy chains
  • Retail & e-commerce breaches — payment card data exposure
  • Financial services breaches — banks, lenders, credit reporting agencies
  • Social media & app breaches — platforms that shared data without consent
  • Government contractor breaches — vendors that handle sensitive data
Browse all open data breach settlements →

Tips for Maximizing Your Data Breach Settlement Claims

File Every Claim You Qualify For

There's no limit on how many settlements you can claim from simultaneously. If your data was exposed in five breaches, file five claims. Each one is independent.

Submit Before the Deadline

Filing deadlines are strict. Late claims are almost always rejected with no exceptions. Set calendar reminders and file as soon as you confirm your eligibility.

Keep Good Records

Even for no-proof claims, it's smart to keep a record of when you filed, your confirmation number, and what settlement it was for. This helps if there are questions later.

Update Your Contact Information

Payment checks or electronic deposits will go to whatever contact information you provide when filing. Use a current email and mailing address you'll still have when payments arrive months later.

Common Data Breach Settlement Mistakes

Missing the deadline: This is the most common mistake. Deadlines are immovable. Never assume you have more time.

Using the wrong email address: File with the email address you actually used with the breached company, not your current primary email.

Not checking for "pro rata" adjustments: Some settlements cap total payouts and reduce individual payments if too many people file. Understanding this helps set expectations.

Assuming the check will arrive quickly: The legal process takes time. Expect 6–18 months from settlement announcement to payment receipt.

How long does it take to receive a data breach settlement payment?

Typically 6 to 18 months after the settlement is announced. The timeline includes court approval, claims administration, and payment processing. Some large settlements with many claimants take longer.

Can I be excluded from a class action settlement?

Yes. You can submit an "opt-out" request during the claims period. This preserves your right to sue the company individually. Most people choose to stay in the class and file a claim instead.

Do I need to report data breach settlement payments on my taxes?

Generally, payments for "time spent" or emotional distress are not taxable. Payments that compensate for actual financial losses may be taxable. Consult a tax professional for your specific situation.

What if the company claims the breach didn't expose my data?

For class action settlement purposes, if the company has settled, the class definition has already been legally established. If you meet the class definition (e.g., you were a customer during the breach period), you qualify regardless of whether your specific data was provably stolen.

Can I file a data breach claim if I didn't receive a settlement notice?

Yes. Settlement notices are sent to last-known addresses and emails, but many people never receive them. You can still search for relevant settlements and file a claim as long as the claims period hasn't ended.

Data breach settlements represent one of the most accessible forms of consumer compensation available. You don't need a lawyer, you often don't need proof, and the entire process can take under 10 minutes. The only thing stopping most people is not knowing these settlements exist.

Browse all open data breach settlements and file your claims today →