Data breaches have become one of the most common sources of class action settlements. Over the past decade, hundreds of millions of Americans have had personal information exposed — Social Security numbers, credit card data, medical records, passwords. Courts have ruled that victims deserve compensation even when they can't point to direct financial harm.

This guide explains exactly how data breach class action settlements work, how to know if you're covered, and how to file a claim.

What Is a Data Breach Class Action Settlement?

When a company suffers a data breach, affected individuals often band together to file a class action lawsuit. The lawsuit claims the company failed to adequately protect their data — in violation of their own privacy policies, state consumer protection laws, or federal regulations.

Rather than go to trial, most companies settle. They agree to pay a fund (typically ranging from $5 million to over $700 million depending on company size and breach scope), and affected individuals can submit claims to receive a share.

The company doesn't admit wrongdoing. Class members release their legal claims in exchange for compensation. Both sides move on.

Who Is Eligible?

Eligibility is defined in the settlement agreement, but it almost always follows this pattern: if your personal information was included in the breach, you're a class member.

Common eligibility criteria:

  • You had an account with the company during the breach period
  • You made a purchase that required submitting personal information
  • You received a breach notification letter from the company
  • Your Social Security number, financial data, or medical records were exposed

In most cases, you do not need to prove that your data was actually misused. Courts have ruled that the exposure itself — the risk of identity theft and fraud — constitutes sufficient harm to bring a claim.

What Proof Do You Need?

This is the most common question, and the answer is usually: not much.

Most data breach settlements offer two tiers of compensation:

Tier 1: Basic Compensation (No Documentation Required)

Simply certify that you were a class member — that you had an account or made a purchase during the covered period. No receipts, no bank statements, no proof of identity theft required.

Typical payout: $50–$200

Tier 2: Enhanced Compensation (Documentation Required)

If you can document actual losses caused by the breach — fraudulent charges, costs for credit monitoring, time spent resolving identity theft issues — you can claim a higher amount.

Typical payout: $100–$10,000+ depending on documented losses

The vast majority of claimants go with Tier 1. It's faster, simpler, and still puts real money in your pocket.

How Much Do Data Breach Settlements Pay?

The per-person payout depends on three factors:

  1. Total fund size — larger settlements mean more money to distribute
  2. Number of claims filed — the more people file, the smaller each check
  3. Pro rata adjustment — if few people file, everyone's check gets larger

Here are some real examples of recent data breach settlement payouts:

  • Equifax breach (2017) — $425M fund, ~$125 per person (basic claims)
  • Capital One breach (2019) — $190M fund, ~$25–$75 per person
  • T-Mobile breach (2021) — $350M fund, average ~$25 per person
  • MGM Hotels breach (2019) — $45M fund, ~$75 per person

Smaller company breaches with fewer claims often pay more per person because the fund is divided among fewer claimants. A $5M settlement with 10,000 claims pays $500 per person.

Step-by-Step: How to File a Data Breach Settlement Claim

  1. Verify eligibility — confirm you had an account or made a transaction during the breach period. Check your email history or account records.
  2. Find the official settlement website — search for "[company name] data breach settlement" or browse SettlementRadar's directory. Only use official .com settlement sites.
  3. Complete the claim form — most forms take 3–10 minutes. You'll enter your name, address, email, and a few eligibility questions.
  4. Choose payment method — check, PayPal, Venmo, or Zelle depending on the settlement.
  5. Submit before the deadline — once submitted, you'll receive a confirmation. Keep it.

Watch Out for These Common Mistakes

  • Using your current email vs. the one tied to your account — the claims administrator may verify your identity against company records. Use the email you originally signed up with.
  • Missing the deadline — data breach claim periods typically run 60–120 days. Check the deadline first, file second.
  • Filing on a fake site — scammers set up fake "settlement" websites. The real site is always listed on PACER (federal court records) and linked from the official settlement administrator. When in doubt, check SettlementRadar.
  • Not saving your confirmation number — some settlements require a confirmation code to check your payment status.

Major Data Breaches With Active or Recent Settlements

Browse all currently open data breach settlements in the SettlementRadar data breach category →

New data breach settlements are added to the directory as soon as they receive court approval. Given the pace of breaches — over 3,000 reported per year in the U.S. — there's almost always something open to claim.

The Bottom Line

If your data has been exposed in a breach, you've likely earned the right to compensation. Most claims take under 10 minutes and require no documentation. The only way to lose is to not file.

Start by checking all open data breach settlements →