If your personal data was exposed in a data breach, you may be entitled to money from a class action settlement — and you might not even know it. Companies that fail to protect your data often face lawsuits, and the resulting settlements can pay affected individuals anywhere from $25 to $25,000 or more. The catch is that you usually need to file a claim before a deadline, and most people never do. This guide walks you through exactly how to find out if you qualify and how to claim your money.

Billions of personal records have been exposed in data breaches over the past decade, and many of the companies responsible have been forced to pay large settlements. But the money only goes to people who actually file a claim. According to the Federal Trade Commission, the majority of eligible people never claim their share — meaning billions of dollars in settlement funds go unclaimed every year.

What is a data breach class action settlement?

A class action lawsuit is when a group of people who were all harmed by the same company join together in a single legal case. In the context of data breaches, this means all the people whose data was exposed file one collective lawsuit against the company that failed to protect their information.

When the case settles (most do — very few go to trial), the company agrees to pay a total settlement amount. That money is then divided among all eligible people who file a claim.

Here is how it works in simple terms:

  1. A breach happens — a company gets hacked and your personal data is exposed
  2. Lawyers file a class action — law firms file a lawsuit on behalf of all affected individuals
  3. The case settles — the company agrees to pay a certain amount rather than go to trial
  4. You file a claim — you submit a form proving you were affected
  5. You get paid — after the court approves the settlement and claims are processed, you receive your share

The amount you receive depends on how many people file claims, what type of data was exposed, and whether you can document any actual losses.

Notable data breach settlements — how much did people actually get?

Here are some of the largest data breach settlements to date, so you can see what kind of money has been available:

BreachSettlement AmountPer-PersonStatus
Equifax (2017)$700 millionUp to $125Claims closed
T-Mobile (2021)$350 millionUp to $25,000Claims closed
Facebook/Cambridge Analytica$725 million~$30Claims closed
Capital One (2019)$190 millionUp to $25,000Claims closed
Yahoo (2013-2016)$117.5 million~$25Claims closed

A few important things to notice:

The per-person amounts vary enormously. The Equifax settlement offered up to $125 for basic claims but up to $20,000 for people with documented identity theft losses. T-Mobile offered up to $25,000 for people who could prove financial harm.

Most people get the basic amount. Unless you can document specific financial losses, you will typically receive the base payment — usually $25 to $150.

These settlements are all closed now. The claims deadlines have passed for all of the cases listed above. But new settlements are announced regularly as new breach lawsuits are resolved.

How to find out if you qualify for a settlement

There are several ways to check whether you are eligible for an active data breach settlement:

Step 1 — Check if your email was in a breach. Start by finding out which breaches your data appeared in. EmailLeaked scans over 12 billion records from 962+ known breaches and shows you exactly which ones include your information. This is free and takes under 10 seconds.

Step 2 — Search for active settlements. Once you know which breaches affected you, search for active class action settlements related to those breaches. The best places to check:

  • ClassAction.org — tracks data breach lawsuits and settlement status
  • TopClassActions.com — lists active class action settlements you can join
  • The official settlement website for each case (usually listed in notification emails)

Step 3 — Check your email for notifications. Settlement administrators send emails to known breach victims. Search your inbox (including spam and promotions folders) for terms like “settlement,” “class action,” “claim,” or “data breach.” These emails are legitimate — they are not scams.

Step 4 — Check your physical mail. Some settlements send notifications by postal mail, especially for breaches involving financial or medical data. Do not ignore official-looking letters about data breach settlements.

Step-by-step: How to file a data breach settlement claim

Once you have found a settlement you qualify for, here is exactly how to file your claim:

1. Go to the official settlement website. Every class action settlement has a dedicated website. It will have a URL like “www.BreachNameSettlement.com” and will be referenced in any notification you received. Only use the official site — never click links in unsolicited emails.

2. Verify your eligibility. Most settlement websites have a lookup tool where you enter your email address or name to confirm you were affected by the breach. Some may ask for additional verification.

3. Choose your claim type. Most settlements offer two or more claim options:

  • Basic claim — a flat payment (usually $25-$150) that requires no documentation. You simply confirm you were affected
  • Documented losses claim — a larger payment (potentially thousands of dollars) that requires you to submit proof of actual financial harm caused by the breach
  • Credit monitoring — free credit monitoring services, usually for 2-4 years

4. Fill out the claim form. This is usually a simple online form that takes 5 to 15 minutes. You will need:

  • Your name and contact information
  • The email address that was in the breach
  • For documented losses: receipts, bank statements, or records showing financial harm

5. Submit before the deadline. Every settlement has a strict claims deadline. Miss it and you get nothing. Submit your claim as soon as possible — do not wait until the last day.

6. Wait for payment. After the claims deadline passes, the court reviews and approves the final settlement. The settlement administrator then processes all claims and sends payments. This typically takes 6 to 18 months.

Common mistakes that cost you money

People lose out on settlement money because of these avoidable mistakes:

Not filing at all. This is by far the biggest mistake. Most eligible people never file a claim because they do not know they qualify, they think the amount is too small to bother with, or they assume it is a scam. The claims are real, and the money adds up — especially if you have been affected by multiple breaches.

Missing the deadline. Settlement deadlines are strict. Courts almost never grant extensions for individual claimants. Set a calendar reminder as soon as you learn about a settlement.

Only filing a basic claim when you have documented losses. If the breach caused you real financial harm — fraudulent charges on your accounts, time spent dealing with identity theft, money spent on credit monitoring — document everything and file for the higher amount. Many people leave thousands of dollars on the table by filing basic claims when they qualify for much more.

Throwing away notification letters. Those official-looking letters about data breach settlements are real. Do not assume they are junk mail. Read them carefully and follow the instructions.

Not checking multiple breaches. Your data may have been exposed in several different breaches, each with its own settlement. Check all the breaches your email appears in so you do not miss any settlements you qualify for.

How to find currently active settlements in 2026

New data breach settlements are announced regularly. Here is how to stay on top of them:

Check settlement aggregator websites regularly. Sites like ClassAction.org and TopClassActions.com maintain updated lists of active settlements with open claims periods.

Set up Google Alerts. Create alerts for “data breach settlement” and “class action settlement” to get notified when new settlements are announced.

Monitor your email. Settlement administrators will email you if you are a known member of the affected class. Make sure these emails are not going to your spam folder.

Check your breach history. Companies that suffered breaches in 2023-2025 are likely settling lawsuits in 2026. If you know which breaches your data was in, you can proactively search for settlements related to those specific companies.

The most important first step is knowing which breaches your data appeared in. Check your email against 962+ known breaches — it is free and takes seconds. Once you know which breaches affected you, you can search for any active or upcoming settlements tied to those companies.

What if a settlement seems like a scam?

It is smart to be cautious. Here is how to tell the difference between a legitimate settlement notification and a scam:

Legitimate settlement notices:

  • Come from a recognisable settlement administrator (like Epiq, JND Legal Administration, or Angeion Group)
  • Reference a specific breach you were actually affected by
  • Direct you to an official settlement website (not a random URL)
  • Never ask for payment or sensitive information like your full Social Security number
  • Include a case number and court name that you can verify

Scam warning signs:

  • Asks you to pay a fee to receive your settlement money
  • Requests your full Social Security number, bank account details, or credit card number
  • Comes from a generic email address
  • Pressures you to act immediately with threatening language
  • Cannot be verified through a simple Google search of the case name

When in doubt, search for the settlement name on Google and go directly to the official website rather than clicking any links in the email.

Do breach settlements actually change anything?

Large settlements do have a real impact. When companies face hundreds of millions of dollars in payouts, it creates a strong financial incentive to invest in better security. The Equifax settlement, for example, required the company to spend at least $1 billion on data security improvements in addition to the $700 million payout.

However, settlements alone are not enough to protect you. Breaches continue to happen at an increasing rate. The best approach is a combination of claiming the money you are owed from past breaches and proactively protecting yourself from future ones.

Start by checking which breaches have exposed your data, then take the protective steps outlined in our guide on what to do after a data breach. And whenever a settlement is announced for a breach you were part of, file your claim before the deadline. That money is yours — do not leave it on the table.