If you have used the internet in the last decade, your personal data has almost certainly been compromised in at least one data breach. The Identity Theft Resource Center reported over 3,200 data breaches in 2023 alone, exposing billions of records. Major companies including T-Mobile, AT&T, Equifax, and 23andMe have all suffered breaches that exposed millions of customers' sensitive information.
The good news is that many of these breaches have resulted in class action settlements that pay real money to affected individuals. This guide covers the biggest data breach settlements, how to check if you are affected, and how to file your claims.
Major Data Breach Settlements
Equifax ($700 Million, 2019)
People affected: 147 million Americans
Data exposed: Social Security numbers, birth dates, addresses, driver's license numbers
What happened: In 2017, hackers exploited a known vulnerability in Equifax's web application framework that the company had failed to patch. The breach went undetected for 76 days. Because Equifax is a credit reporting bureau, the stolen data included the most sensitive financial information possible.
Settlement payouts: Basic claims paid approximately $5-$10. Claimants who documented specific losses (identity theft, time spent, out-of-pocket expenses) could receive up to $20,000. Free credit monitoring was also offered for up to 10 years.
Lesson: The basic payout was small because so many people filed. But those who documented their losses received significantly more. Always document the time and money you spend dealing with a breach.
T-Mobile ($350 Million, 2022)
People affected: 76.6 million customers
Data exposed: Names, Social Security numbers, driver's license information, phone numbers, addresses
What happened: In August 2021, a hacker accessed T-Mobile's systems and stole the personal information of current, former, and prospective customers. This was one of several breaches T-Mobile has suffered, raising serious questions about the company's data security practices.
Settlement payouts: Class members received approximately $25 each, plus two years of identity protection through McAfee's ID Theft Protection Service. California residents received slightly more due to state privacy laws. Those with documented losses could claim up to $25,000.
AT&T (Settlement Pending, 2024-ongoing)
People affected: 73 million current and former customers
Data exposed: Social Security numbers, account numbers, passcodes, names, email addresses, mailing addresses, phone numbers, birth dates
What happened: In early 2024, AT&T acknowledged that data from approximately 73 million accounts was published on the dark web. The data appeared to be from 2019 or earlier. AT&T initially denied the data came from its systems but later confirmed the breach.
Status: Class action lawsuits have been filed. If you were an AT&T customer before 2020, monitor this case for settlement developments.
23andMe ($30 Million, 2024)
People affected: 6.9 million users
Data exposed: Genetic ancestry data, DNA relatives information, profile information including names, birth years, and geographic locations
What happened: Hackers used credential stuffing (trying stolen passwords from other breaches) to access approximately 14,000 accounts. Through the DNA Relatives feature, they then accessed the genetic information of 6.9 million users who were connected to those accounts.
Settlement payouts: $30 million settlement fund. Affected users received cash payments and three years of Privacy & Medical Shield monitoring. The payout amount per person depended on the number of valid claims filed.
Yahoo ($117.5 Million, 2020)
People affected: 3 billion accounts (all Yahoo accounts at the time)
Data exposed: Names, email addresses, phone numbers, birth dates, security questions, hashed passwords
What happened: Yahoo suffered two massive breaches in 2013 and 2014, which were not disclosed until 2016. The 2013 breach affected every single Yahoo account in existence — 3 billion accounts, making it the largest data breach in history by the number of records.
Settlement payouts: Claimants received approximately $25 each, or two years of credit monitoring. Those with documented losses could claim up to $25,000.
Capital One ($190 Million, 2022)
People affected: 100 million Americans and 6 million Canadians
Data exposed: Social Security numbers, bank account numbers, credit scores, credit limits, transaction data, names, addresses, phone numbers
What happened: A former Amazon Web Services employee exploited a misconfigured firewall to access Capital One's cloud-stored data in 2019. The breach exposed highly sensitive financial information from credit card applications.
Settlement payouts: $190 million settlement fund. Claimants received payments for documented losses up to $25,000, plus free identity protection services.
Stay on Top of Settlement Deadlines
Data breach settlements open and close constantly. Class Action Buddy sends you reminders and helps you file claims before deadlines pass.
Download the AppHow to Check If Your Data Was Breached
You might be affected by more data breaches than you realize. Here is how to check:
1. Check Your Email
Companies are legally required to notify affected individuals after a breach. Search your email inbox (including spam and promotions folders) for terms like "data breach," "security incident," "unauthorized access," or "notice of data breach." These notifications often include instructions for filing a claim or activating free credit monitoring.
2. Use HaveIBeenPwned.com
This free service, run by security researcher Troy Hunt, lets you enter your email address and see if it has appeared in any known data breaches. It covers hundreds of breaches and is updated regularly. If your email appears, it tells you which breach exposed it and what data was compromised.
3. Check the Company's Breach Notification Website
After major breaches, companies typically set up dedicated websites where you can check if your account was affected. For example, Equifax created equifaxbreachsettlement.com and T-Mobile created a dedicated claims portal. These sites often let you search by email address or last name.
4. Review Your Accounts
If you were a customer of any of the companies listed in this article during the breach period, you are likely affected. Check your records:
- Were you a T-Mobile customer before August 2021?
- Did you have a Yahoo email account before 2016?
- Did you use 23andMe and enable DNA Relatives?
- Did you apply for a Capital One credit card before 2019?
- Were you an AT&T customer before 2020?
How to File a Data Breach Claim
The filing process for data breach settlements is generally straightforward:
- Confirm your eligibility. Check the settlement website to verify you are part of the affected class.
- Choose your claim type. Most settlements offer a basic claim (flat payment, no documentation needed) and an enhanced claim (higher payment for documented losses). If you spent time or money dealing with identity theft, file the enhanced claim.
- Gather documentation if applicable. For enhanced claims, collect bank statements showing fraudulent charges, receipts for credit monitoring services you purchased, credit reports showing unauthorized accounts, and a written estimate of time spent dealing with the breach (valued at $25/hour in many settlements).
- Submit the claim form. Fill out the required information and submit before the deadline. For consumer product and some data breach settlements, Class Action Buddy can auto-fill your forms and submit digitally.
- Wait for payment. Payouts typically arrive 3-12 months after the claims deadline. Keep your address current.
Maximizing Your Data Breach Payout
Most people file the basic claim and move on. But if a breach caused you real harm, you can often claim significantly more. Here is how to maximize your payout:
- Document everything. Keep a log of time spent on hold with banks, time changing passwords, time dealing with fraudulent accounts. Many settlements value your time at $25/hour.
- Save receipts. If you purchased credit monitoring, identity theft protection, or credit freeze services because of the breach, those costs are usually reimbursable.
- Check for identity theft. Pull your credit reports from all three bureaus (free at AnnualCreditReport.com). If there are accounts you did not open, document them — this dramatically increases your claim value.
- File for out-of-pocket losses. Fraudulent charges, replacement card fees, notary fees for affidavits, and similar expenses are all claimable in most settlements.
- Claim the free services. Even if the cash payout is small, the free credit monitoring and identity protection services offered as part of many settlements are worth $100-$300 per year. Activate them.
Protecting Yourself After a Breach
Filing a claim gets you compensated for the past, but you also need to protect yourself going forward:
- Freeze your credit. This is free at all three credit bureaus (Equifax, Experian, TransUnion) and prevents anyone from opening new accounts in your name. You can temporarily lift the freeze when you need to apply for credit.
- Use unique passwords. If the breach exposed your password, change it everywhere you used the same one. Use a password manager to maintain unique passwords for every account.
- Enable two-factor authentication. This adds a second layer of security beyond your password, making it much harder for hackers to access your accounts even if they have your password.
- Monitor your accounts. Set up alerts on your bank and credit card accounts for any transactions you did not authorize. Most banks offer free transaction alerts via text or email.
- File an IRS Identity Protection PIN. If your Social Security number was exposed, an IP PIN prevents someone from filing a fraudulent tax return in your name. Request one at irs.gov.
Why Data Breach Lawsuits Matter
Beyond the individual payouts, data breach class actions serve an important purpose: they hold companies accountable for failing to protect customer data. When a breach costs a company hundreds of millions of dollars in settlement payments, it creates a powerful financial incentive to invest in security.
Companies that face class action consequences for breaches tend to spend significantly more on cybersecurity afterward. The T-Mobile settlement, for example, included a requirement that T-Mobile spend $150 million improving its data security infrastructure. Without the class action, that investment might never have happened.
Every claim you file reinforces the message that companies must take data security seriously. And every dollar you collect is money that is rightfully yours — compensation for having your most sensitive personal information exposed through someone else's negligence.
How Class Action Buddy Helps
While many data breach settlements require filing through the official settlement website, Class Action Buddy helps you keep track of which settlements are open and when their deadlines are. The app sends push notification reminders before deadlines close, so you never miss an opportunity to file.
For consumer product settlements (which make up the majority of our current listings), the app goes further: it auto-fills your claim forms, shows a live PDF preview, and submits claims digitally. Check our active settlements page to see what is available now.
Frequently Asked Questions
How do I know if my data was part of a breach?
Companies are legally required to notify you if your data was breached. Check your email (including spam) for breach notification letters. You can also use free tools like HaveIBeenPwned.com to check if your email address has appeared in known data breaches. If you were a customer of a breached company during the relevant time period, you are likely affected.
How much money can I get from a data breach settlement?
Basic claims without documented losses typically pay $25-$100 per person. If you can document specific losses like identity theft, fraudulent charges, or time spent dealing with the breach, you can claim significantly more — sometimes up to $20,000 or more depending on the settlement.
Do I need proof to file a data breach claim?
For the basic payout tier, you usually just need to confirm you were a customer during the breach period. For higher payouts, you need to document your losses — things like bank statements showing fraudulent charges, receipts for credit monitoring services, or a log of time spent dealing with identity theft.
Can I file multiple data breach settlements?
Yes. If your data was compromised in multiple breaches (which is increasingly common), you can file a separate claim for each settlement. There is no limit on the number of data breach settlements you can participate in.
Is it worth filing a data breach claim for a small amount?
Yes. A $25-$50 payout for 5 minutes of work is a good use of your time. Additionally, data breach settlements often include free credit monitoring and identity protection services worth hundreds of dollars per year. The non-cash benefits alone make filing worthwhile.