Your Personal Data Has Been Stolen. Here's How to Get Paid.
Here's a number that should infuriate you: over 1.5 billion personal records were exposed in data breaches in 2025 alone. Names. Social Security numbers. Credit card details. Home addresses. Medical records. All leaked, sold on the dark web, or floating around servers that shouldn't have them.
And here's the part that should make you act: billions of dollars in data breach settlements are available right now, and most people never claim their share.
The Equifax settlement from 2019? Still paying out. T-Mobile's massive 2021 breach? Settlement funds available. AT&T, Marriott, Yahoo, Capital One — the list goes on. Companies that leaked your most sensitive information are legally required to compensate you.
But they're counting on you not claiming it.
The settlement notices look like junk mail. The deadlines are confusing. The claims process is tedious. By design. Companies know that friction kills claims. Every unclaimed dollar goes back to them or to lawyers.
This guide will show you how to find out if your data was breached, which settlements you qualify for, and exactly how to get the money you're owed.
Major Active Data Breach Settlements in 2026
Let's start with the money on the table right now. These are the biggest data breach settlements with active claims or upcoming deadlines.
Equifax Data Breach Settlement — Up to $20,000
The breach: In 2017, Equifax exposed the personal data of 147 million Americans — Social Security numbers, birth dates, addresses, and driver's license numbers. It remains one of the largest data breaches in history.
The settlement: $425 million fund for affected consumers, later increased to over $700 million.
What you can claim:
- Free credit monitoring: 10 years of credit monitoring through Experian (valued at $200+/year)
- Cash payment: Up to $125 if you already have credit monitoring
- Identity restoration services: Up to 7 years of identity theft assistance
- Out-of-pocket expenses: Up to $20,000 for documented losses from identity theft
- Time spent dealing with the breach: $25/hour for up to 20 hours ($500 max)
How to claim: Visit the official settlement website at equifaxbreachsettlement.com. You'll need your personal information and documentation of any expenses or time spent on identity theft issues.
Deadline status: The initial deadline has passed, but extended claims for documented identity theft losses may still be accepted. Check the official site for current status.
Important note: Early claimants who chose the $125 cash option received significantly less (some as little as $5-7) because so many people filed claims. Those who chose credit monitoring got the full value. Lesson: sometimes the non-cash option is worth more.
T-Mobile Data Breach Settlement — Up to $25,000
The breach: In August 2021, T-Mobile suffered a massive cyberattack that exposed data of 77 million customers — names, dates of birth, Social Security numbers, driver's license information, and phone numbers.
The settlement: $350 million class action settlement, one of the largest data breach settlements ever.
What you can claim:
- Cash payment: Approximately $25-100 per customer (varies based on claims filed)
- Identity protection: Two years of McAfee ID Theft Protection (worth $180+)
- Out-of-pocket losses: Up to $25,000 for documented identity theft expenses
- California residents: Additional statutory damages under CCPA
Who qualifies: Anyone who was a T-Mobile customer at the time of the breach, including Metro by T-Mobile, Sprint (which T-Mobile acquired), and former Boost Mobile customers.
How to claim: The official settlement site has a claims portal. You'll need to verify your identity as a T-Mobile customer during the breach period.
Deadline status: Initial claims have been processed, but supplemental claims for identity theft victims may still be open. T-Mobile also committed to $150 million in cybersecurity improvements.
AT&T Data Breach Settlement — Claims Opening 2026
The breach: In 2024, AT&T confirmed a breach affecting 73 million current and former customers. The leaked data included Social Security numbers, passcodes, and personal information dating back to 2019.
The settlement: Class action litigation is ongoing. Early settlement estimates suggest a fund of $100+ million.
What you can expect to claim:
- Cash payments (amount TBD based on settlement)
- Credit monitoring services
- Identity restoration assistance
- Reimbursement for documented losses
Who qualifies: Current and former AT&T customers whose data was included in the breach. AT&T has notified affected customers directly.
How to prepare: Even before the settlement finalizes, document any identity theft or fraud you've experienced since the breach. Save evidence of fraudulent accounts, unauthorized charges, and time spent resolving issues.
23andMe Data Breach Settlement — Pending
The breach: In late 2023, hackers accessed 6.9 million user profiles on the genetic testing site through credential stuffing attacks. The stolen data included highly sensitive genetic information, family relationships, and ancestry details.
The settlement: Class action lawsuits are consolidated and progressing. Settlement negotiations expected in 2026.
Why this matters: Genetic data is uniquely sensitive. Unlike a credit card number, you can't change your DNA. This breach has lifetime implications for affected users.
What you can expect: Given the sensitivity of genetic data and recent privacy law developments, this settlement could be substantial. Claimants may receive significant per-person payouts plus credit monitoring.
Ticketmaster/Live Nation Data Breach — Active
The breach: In 2024, Ticketmaster confirmed a breach affecting 560 million customers — names, addresses, phone numbers, and partial payment information.
The settlement: Multiple class actions filed. Settlement discussions are underway.
Who qualifies: Anyone who purchased tickets through Ticketmaster or Live Nation platforms during the affected period.
How to prepare: Keep records of your Ticketmaster purchases. Monitor your payment methods used on the platform for unauthorized charges.
Other Active Data Breach Settlements Worth Checking
| Company | Breach Date | Records Exposed | Settlement Status |
|---|---|---|---|
| MOVEit (multiple companies) | 2023 | 77+ million | Multiple settlements, varies by company |
| MGM Resorts | 2023 | 10+ million | Class action pending |
| Change Healthcare | 2024 | 100+ million | Litigation ongoing |
| Marriott | 2018 | 500 million | Settlement active, claims available |
| Capital One | 2019 | 100 million | Settlement distributed, some claims still processing |
| Yahoo | 2013-2016 | 3 billion | Settlement closed, but lessons remain |
How to Check If Your Data Was Breached
Before you can claim settlement money, you need to know which breaches affected you. Here's how to find out.
Method 1: Have I Been Pwned (Free)
Website: haveibeenpwned.com
This is the gold standard for breach checking. Created by security researcher Troy Hunt, this free database contains over 13 billion breached records.
How to use it:
- Enter your email address
- The site shows which breaches included your email
- Check all email addresses you've ever used
What it tells you:
- Which companies leaked your data
- What type of data was exposed (password, address, SSN, etc.)
- When the breach occurred
Pro tip: Sign up for email notifications. When your data appears in a new breach, you'll be notified immediately — often before the company even announces it.
Method 2: Credit Bureau Breach Notifications
All three major credit bureaus — Equifax, Experian, and TransUnion — offer breach notification services.
Equifax: Free breach alerts at equifax.com
Experian: Free dark web monitoring with account
TransUnion: TrueIdentity free monitoring service
These services scan the dark web for your personal information and alert you when it appears.
Method 3: Company Breach Notifications
When companies experience breaches, they're legally required to notify affected customers. Check:
- Your email (including spam/promotions folders)
- Physical mail (breach notices often come as letters)
- The company's website/app (they often post notices)
Problem: Companies often bury breach notifications. They'll send them to email addresses you don't check, use vague subject lines, and make them look like junk mail. This is intentional.
Method 4: Panyar Automated Monitoring
This is what Panyar does differently. We connect to your email and financial accounts (read-only) and:
- Cross-reference your accounts with known breaches
- Monitor dark web markets for your personal data
- Track all active settlements you qualify for
- Alert you immediately when your data appears in new breaches
- Auto-file claims on your behalf
No searching. No checking databases. No missing notifications buried in spam. We find the breaches, we find the settlements, we file the claims.
What You Can Claim in a Data Breach Settlement
Data breach settlements typically offer several types of compensation. Understanding your options helps you maximize your claim.
Cash Payments
The headline number. Most settlements offer direct cash payments to affected individuals.
Reality check: Per-person cash payments are often smaller than you'd expect. When 147 million people are affected by Equifax and many file claims, even a $425 million fund gets diluted quickly.
Typical amounts: $5-100 for basic claims, potentially thousands for documented losses.
Credit Monitoring Services
Most data breach settlements include free credit monitoring, typically for 2-10 years.
What it includes:
- Monitoring of all three credit bureaus
- Alerts for new accounts, inquiries, and changes
- Identity theft insurance (typically $1 million)
- Dark web monitoring
Is it worth it? Credit monitoring services retail for $15-30/month. A 10-year monitoring package is worth $1,800-3,600. Often more valuable than the cash option.
Identity Restoration Services
Premium settlements include identity restoration assistance. If someone steals your identity, a specialist will:
- Work with creditors to dispute fraudulent accounts
- Help file police reports and FTC complaints
- Assist with IRS identity theft affidavits
- Navigate the bureaucracy on your behalf
Value: Identity theft victims spend an average of 200+ hours resolving cases. This service can save enormous time and stress.
Out-of-Pocket Expense Reimbursement
This is where significant money can be claimed. You can typically seek reimbursement for:
Direct financial losses:
- Unauthorized charges not refunded by banks
- Fees from fraudulent accounts (late fees, overdrafts)
- Costs of replacing documents (driver's license, passport)
- Credit report fees
Time and effort:
- Hours spent dealing with identity theft (typically $25/hour)
- Time on phone with creditors and agencies
- Time filing reports and paperwork
Professional services:
- Attorney fees (if you hired a lawyer)
- CPA fees (if tax fraud required professional help)
- Credit repair services
Maximum claims: Some settlements cap out-of-pocket reimbursement at $20,000-25,000. With documentation, significant claims are possible.
Step-by-Step Claim Process
Step 1: Verify Your Eligibility
Before filing, confirm you were actually affected by the breach.
How to verify:
- Check the settlement website's "Claim Lookup" tool
- Review the time period covered by the breach
- Confirm you had a relationship with the company (account, purchase, etc.)
Most settlements have lookup tools that verify eligibility by email or phone number.
Step 2: Gather Your Documentation
The strength of your claim depends on your documentation.
Basic claims (cash/credit monitoring):
- Government-issued ID
- Proof of address
- Email address or account number with breached company
Enhanced claims (out-of-pocket expenses):
- Bank/credit card statements showing unauthorized charges
- Receipts for fraud-related expenses
- Phone records showing time spent on fraud calls
- Police reports for identity theft
- FTC Identity Theft Reports
- Credit bureau dispute correspondence
- Notes/logs documenting time spent on resolution
Pro tip: Start documenting now, even before you file. Keep a log of every call, every hour spent, every expense. This contemporaneous evidence is powerful.
Step 3: Submit Your Claim
Online (preferred):
- Visit the official settlement website
- Create an account or enter your claim ID
- Fill out the claim form completely
- Upload documentation
- Select payment preference (check, PayPal, Venmo, direct deposit)
- Submit before the deadline
By mail (if required):
- Download and print the claim form
- Fill out completely (no blank fields)
- Attach copies of documentation (never originals)
- Mail via certified mail with tracking
- Keep copies of everything
Step 4: Wait (And Follow Up)
Data breach settlements take time. Typical timeline:
Weeks 1-4: Claim submission period
Months 2-6: Claim review and verification
Months 6-12: Court approval of distribution
Months 12-18: Payments issued
Follow up if:
- You don't receive a confirmation email
- The deadline approaches without payment
- You change address or payment method
Step 5: Receive Payment
Payments typically come via:
- Physical check (most common)
- PayPal/Venmo (increasingly available)
- Direct deposit (less common)
- Prepaid debit card
Important: Don't throw away unfamiliar checks. Settlement checks often come from third-party claims administrators with names you won't recognize.
Documentation Requirements: Building a Strong Claim
The difference between a $5 payout and a $5,000 payout is documentation. Here's how to build your case.
For Basic Claims
Required:
- Full legal name
- Current address
- Email address associated with breached account
- Phone number
- Last 4 digits of SSN (sometimes)
Helpful:
- Account number with breached company
- Dates of account activity
For Identity Theft Claims
Essential documentation:
- FTC Identity Theft Report (file at identitytheft.gov)
- Police report (many departments have online filing)
- Credit bureau dispute letters
- Bank/creditor fraud affidavits
Supporting evidence:
- Credit reports showing fraudulent accounts
- Correspondence with fraudulent creditors
- Collection notices for accounts you didn't open
- Evidence of denied credit due to fraudulent accounts
For Out-of-Pocket Expense Claims
Financial losses:
- Bank/credit card statements with fraudulent charges circled
- Receipts for fraud-related expenses
- Invoices from professionals (lawyer, CPA)
- Proof of unreimbursed losses
Time spent:
- Detailed log with dates, times, duration, and activities
- Phone records showing call duration
- Calendar entries
- Email correspondence timestamps
Format your time log like this:
| Date | Activity | Duration | Notes |
|---|---|---|---|
| 03/15/26 | Called Bank of America fraud dept | 2.5 hours | On hold 90 min, dispute filed |
| 03/16/26 | Filed FTC Identity Theft Report | 1 hour | Report #12345678 |
| 03/18/26 | Requested credit reports | 45 min | All three bureaus |
| 03/20/26 | Disputed fraudulent account with TransUnion | 1.5 hours | Submitted documentation |
At $25/hour, thorough documentation can add hundreds to your claim.
Equifax Settlement: Complete Details
Background
The 2017 Equifax breach was a watershed moment for data privacy. A credit bureau — a company whose entire business is protecting financial data — failed catastrophically.
What was exposed:
- Social Security numbers (147 million)
- Birth dates
- Addresses (current and historical)
- Driver's license numbers (tens of millions)
- Credit card numbers (209,000)
- Dispute documents with personal information (182,000)
Settlement Structure
The final settlement totals over $700 million:
Consumer restitution fund: $425 million (increased from original $380.5 million)
Additional funding: $125 million added when initial fund depleted
Cash alternative cap: Original $125 cash option reduced due to overwhelming claims
What You Can Still Claim
Free credit monitoring:
- 10 years through Experian (4 years remaining for early claimants)
- Includes all three bureaus
- $1 million identity theft insurance
Identity restoration:
- Up to 7 years of hands-on restoration services
- Dedicated case manager for identity theft victims
Out-of-pocket expenses:
- Up to $20,000 for documented losses
- $25/hour for time spent (up to 20 hours)
- Professional fees (attorney, CPA)
Extended claims: The settlement includes provisions for people who experience identity theft in the future that may be related to the breach.
How to Maximize Your Equifax Claim
- Opt for credit monitoring over cash if you don't already have it
- Document everything related to identity theft since September 2017
- File for time spent even if you didn't have direct financial losses
- Check for ongoing issues — the breach effects continue years later
T-Mobile Settlement: Complete Details
Background
T-Mobile has experienced multiple breaches, but the August 2021 breach was the largest. A hacker accessed customer databases through an unsecured router.
What was exposed:
- Names
- Dates of birth
- Social Security numbers
- Driver's license information
- Phone numbers
- Device identifiers (IMEI/IMSI)
- Account PINs (encrypted but vulnerable)
Settlement Structure
Total settlement: $350 million
Per-customer payout: Varies based on total claims (estimated $25-100)
Identity protection: Two years of McAfee ID Theft Protection
What You Can Claim
Automatic benefits (no action required):
- Enhanced security measures on your account
- Free account protection features
Claim-required benefits:
- Cash payment from settlement fund
- Identity theft protection enrollment
- Out-of-pocket expense reimbursement (up to $25,000)
California residents: Additional benefits under CCPA, including statutory damages.
Special Considerations
Multiple T-Mobile breaches: If you've been affected by multiple T-Mobile breaches (2018, 2019, 2020, 2021, 2023), you may qualify for multiple settlements. Track each separately.
Sprint/Metro customers: The 2021 breach included former Sprint customers. If you were a Sprint customer before the T-Mobile merger, check your eligibility.
Other Major Data Breach Settlements to Know
Marriott/Starwood — $52 Million Settlement
The breach: 500 million guest records exposed over four years (2014-2018). Passport numbers, credit cards, and reservation details stolen.
What to claim:
- Credit monitoring
- Reimbursement for passport replacement costs
- Out-of-pocket identity theft expenses
Capital One — $190 Million Settlement
The breach: 100 million customers and applicants had personal data stolen in 2019, including Social Security numbers and bank account numbers.
What to claim:
- Cash payments ($25+ for most claimants)
- Credit monitoring
- Identity theft expense reimbursement
Yahoo — $117.5 Million Settlement
The breach: 3 billion accounts breached across multiple incidents (2013-2016). The largest breach in history at the time.
Settlement status: Claims have been processed, but the case established important precedents for future breach settlements.
Timeline Expectations: When Will You Get Paid?
Data breach settlements move slowly. Here's a realistic timeline:
Months 1-3: Claims Period
- Settlement announced
- Claims website opens
- Initial filing deadline (usually 60-90 days)
Months 3-6: Review Period
- Claims administrator verifies submissions
- Requests for additional documentation
- Fraud detection and duplicate removal
Months 6-12: Court Approval
- Final approval hearing
- Objections addressed
- Distribution plan finalized
Months 12-18: Payment Distribution
- Checks mailed / electronic payments processed
- Unclaimed funds redistributed or returned
- Settlement closes
Total expected time: 12-24 months from announcement to payment
Why So Long?
- Legal requirements: Courts must approve settlements and distribution plans
- Claims verification: Administrators must verify eligibility and prevent fraud
- Appeals: Objectors can delay proceedings
- Logistics: Cutting checks for millions of people takes time
How to Track Your Claim
Most settlement websites have claim status portals. Keep your claim ID and check periodically. You should receive:
- Confirmation email after filing
- Receipt of any additional documentation
- Approval notification
- Payment notification with expected date
How Panyar Automatically Claims Data Breach Settlements
This is what we built Panyar to solve.
The Problem with Manual Claims
- Discovery: How do you know which breaches affected you?
- Tracking: How do you monitor dozens of ongoing settlements?
- Deadlines: How do you remember to file before each deadline?
- Documentation: How do you keep records organized for claims?
- Follow-up: How do you track claim status across multiple settlements?
For most people, the answer is: they don't. They miss settlements. They miss deadlines. They leave money on the table.
The Panyar Solution
Settlement Harvester — our automated claims module — handles everything:
Breach monitoring:
- Continuous monitoring of known breaches
- Dark web scanning for your personal data
- Instant alerts when your data appears in new breaches
Automatic matching:
- Cross-references your email addresses and accounts
- Identifies every settlement you qualify for
- No manual searching required
Auto-filing:
- Submits claims on your behalf before deadlines
- Uses your stored information (securely encrypted)
- Uploads documentation from your Receipts Vault
Status tracking:
- Monitors claim status across all settlements
- Alerts you when action is needed
- Notifies you when payments arrive
Documentation vault:
- Stores proof of identity theft expenses
- Maintains time logs for out-of-pocket claims
- Organizes everything for maximum payouts
How It Works
- Connect your accounts — Email and financial accounts (read-only access)
- We scan for matches — Your history is cross-referenced with breach databases
- We file claims — Automatically submitted before deadlines
- Money appears — Payments deposited as settlements pay out
You do nothing. Data breach settlements find you.
The Math
Average person qualifies for: 3-5 data breach settlements
Average settlement payout: $20-100 basic, $200-500 with documentation
Time to manually claim each: 1-2 hours
Time with Panyar: 0 hours
Even with our percentage of successful claims, you're getting money you would never have claimed otherwise.
Frequently Asked Questions
Q: Are data breach settlement payments taxable?
A: Generally, payments for emotional distress or compensatory damages from data breaches are taxable income. Reimbursements for actual out-of-pocket losses typically are not. Consult a tax professional for your specific situation.
Q: Can I claim from multiple data breaches?
A: Yes. Each breach is a separate settlement. If your data was exposed in Equifax, T-Mobile, and Capital One breaches, you can file claims for all three.
Q: What if I didn't experience identity theft?
A: You can still claim. Most settlements offer basic payments and credit monitoring to everyone affected, regardless of whether they experienced subsequent identity theft.
Q: Do I need a lawyer to file a claim?
A: No. Individual claim filing is straightforward. Lawyers are already involved in the class action itself — their fees come from the settlement fund, not from you.
Q: What if I missed the deadline?
A: Unfortunately, most settlements have firm deadlines. However, some settlements reopen for extended claims or have separate deadlines for identity theft victims. Check the settlement website for current status.
Q: How do I know if a settlement notice is legitimate?
A: Verify through official channels. Search for the settlement online. Check the FTC website. Never click links in emails — navigate directly to known settlement websites.
Q: Can I opt out of a data breach settlement?
A: Yes, but rarely advisable. Opting out preserves your right to sue individually, but individual lawsuits against major corporations are expensive and difficult. For most people, the class settlement is the practical option.
Take Action Now
Data breach settlements represent money you're legally entitled to — compensation for companies that failed to protect your personal information. But the system relies on your inaction. Every unclaimed dollar benefits the companies that wronged you.
Here's what to do today:
- Check haveibeenpwned.com with all your email addresses
- Search for your name on active settlement websites
- Gather documentation for any identity theft you've experienced
- Set calendar reminders for claim deadlines
- Or sign up for Panyar and let us handle it automatically
The money is there. It's yours. The only question is whether you'll claim it.
Last updated: March 2026. Settlement details, deadlines, and availability change frequently. Always verify current information on official settlement websites. This article is for informational purposes and does not constitute legal advice.