The Data Breach Payday

In 2023 alone, data breaches exposed more than 353 million Americans. That's essentially every adult in the country, hit at least once. The companies that got breached paid billions in settlements. Most of that money went unclaimed.

Here's the basic structure of a data breach settlement:

Why Companies Settle Breach Cases

After a breach, affected individuals typically file class action lawsuits alleging the company failed to protect their data. Courts have become increasingly receptive to these claims, especially after major incidents like the Equifax breach (740 million settlement), T-Mobile ($350M), Yahoo ($117.5M), and Capital One ($190M).

Companies settle because:

• Litigation costs are unpredictable
• A settlement with a defined class is cleaner than individual suits
• Admitting liability in court is far more damaging than writing a check

What the Settlement Pays For

Most breach settlements cover:

• Out-of-pocket losses — Time spent dealing with the breach, identity theft remediation costs, credit freeze fees
• Credit monitoring — Usually 2–3 years of service, worth $100–$200
• Cash payments — Base payments ranging from $25–$125 per claimant, with higher amounts for documented harm
• Identity theft claims — $500–$25,000 if you can document actual identity theft resulting from the breach

The Catch: Most People Just Take the Free Monitoring

Settlement administrators make credit monitoring the easiest option to choose. It's pre-checked. It sounds valuable. It's also usually worth less to you than the cash alternative, and it gives the settlement administrator an easy out — you accepted a non-cash benefit.

The guide covers exactly when to take cash instead, how to document losses, and how to file claims across multiple settlements arising from the same breach event.

Most people dramatically underestimate how many breaches they've been part of. The average American's email address appears in 4–7 known data breaches. That's not a typo.

The Free Breach Check

Start with haveibeenpwned.com — a free service that indexes publicly disclosed breaches and lets you check any email address. Run every email you've ever used.

HIBP shows you the breach name, date, and what data was exposed. It does not show you whether a settlement was reached or whether you can still file — that requires separate research.

Cross-Referencing With Active Settlements

For each breach you find in HIBP, you need to determine:

1. Was a class action filed?
2. Did it settle?
3. Is the claim deadline still open?
4. Do you qualify as a class member?

This is where most people stop — the research feels tedious. But each positive match is worth $25–$125 minimum, and high-value breach settlements (Equifax, T-Mobile) pay substantially more for documented harm.

The Companies You Forgot You Gave Your Data To

Think beyond your main email. Consider:

• Hotel loyalty programs (Marriott breach: 500M records)
• Retailers (Target, Home Depot, Neiman Marcus)
• Healthcare providers (Premera, Anthem, Change Healthcare)
• Financial services (Equifax, Capital One, First American)
• Telecom (T-Mobile: 76M records in 2021 alone)

Breach settlement claims are structurally similar to standard class actions, with a few important differences. The most critical: breach settlements often have two tiers with significantly different payout amounts.

Tier 1: Basic Settlement Payment

This is the baseline payout just for being a class member. You check a box saying you were affected, provide your contact info, and get paid. No documentation required.

Amounts typically range from $25–$125 depending on the settlement size and claim rate. The Equifax settlement, for example, offered $125 to class members who could document they already had credit monitoring — or $10–$20 for those who just wanted a baseline cash payment.

Tier 2: Documented Out-of-Pocket Losses

This is where breach settlements differ from consumer product claims. If you spent time and money dealing with the breach's fallout — credit monitoring subscriptions, identity theft remediation, credit freeze fees, hours spent on the phone with credit bureaus — you can document those costs and claim up to $2,500–$5,000 in most major breach settlements.

Documentation that's accepted:

• Receipts for credit monitoring services you paid for
• Credit freeze fees (usually $5–$15 per bureau)
• Documented time spent (most settlements allow $25/hr for time spent dealing with the breach, up to 20 hours)
• Any identity theft costs — bank fees, legal costs, lost wages

Tier 3: Identity Theft Claims

If the breach actually resulted in identity theft — fraudulent accounts opened in your name, tax fraud, unauthorized charges — breach settlements typically allow claims up to $25,000. These require police reports, FTC identity theft affidavits, and documentation of harm, but they're worth pursuing if you have them.