Data Breach Settlement Calculator
Estimate your payout based on the type of data exposed and harm experienced
Last reviewed: March 2026
Data Breach Settlement Estimator
$500M Settlement Fund
Est. 5,000,000 eligible claimants
Your Details
Your Estimated Payout
$16 — $24
Editorially Reviewed — Content reviewed for accuracy using published legal research, government data, and verified court records. See our methodology
How Data Breach Settlements Work
When a company fails to protect your personal data and a breach occurs, affected individuals can seek compensation through a class action lawsuit. If the case settles, the company pays into a settlement fund that is distributed among class members who file valid claims. The amount each person receives depends on the type and sensitivity of data exposed, whether they suffered actual financial harm, and the total number of claims filed.
Data breach settlements have grown significantly in recent years. The Equifax breach resulted in a $700 million settlement, T-Mobile paid $350 million, and Facebook/Meta settled for $725 million. These landmark cases established precedents for how companies are held accountable for data security failures and how compensation is calculated for affected consumers.
Our calculator uses data from dozens of settled class action cases to estimate your potential payout. The key variables are the sensitivity of compromised data (medical records command the highest compensation), whether you experienced actual identity theft, and how the breached company handled disclosure. See our methodology page for details on how we generate estimates.
Average Data Breach Settlement Amounts by Data Type
| Data Type | Typical Range | Notes |
|---|---|---|
| Email / username only | $25 – $100 | Lowest tier; limited harm documented |
| Financial data (cards, bank info) | $100 – $500 | Higher if fraudulent charges occurred |
| Social Security Number | $250 – $1,000 | Requires credit monitoring; high identity theft risk |
| Medical / health records | $500 – $2,500 | HIPAA violations increase settlement value |
| Identity theft occurred | $1,000 – $10,000+ | Documented financial harm significantly increases payout |
Ranges based on analysis of settled class action lawsuits from 2018-2026. Individual results vary based on specific case details and number of claimants.
Major Data Breach Settlements
| Company | Settlement | Affected | Per Person |
|---|---|---|---|
| Equifax (2019) | $700M | 147 million | $125 - $20,000 |
| T-Mobile (2022) | $350M | 76.6 million | $25 - $25,000 |
| Facebook/Meta (2023) | $725M | 87 million | $30 - $5,000 |
| Capital One (2022) | $190M | 100 million | $25 - $25,000 |
| Yahoo (2020) | $117.5M | 3 billion | $25 - $375 |
| Anthem (2018) | $115M | 78.8 million | $50 - $10,000 |
Settlement amounts are approximate and based on publicly available court filings and press reports. Per-person ranges reflect base payments to documented identity theft claims.
Factors That Affect Your Data Breach Payout
- Type of Data Exposed: The sensitivity of your compromised data is the single biggest factor in your payout. Medical records and Social Security numbers command the highest compensation because they create the greatest risk of identity theft and financial harm. Email-only breaches receive minimal payouts because the data has limited exploitability.
- Documented Financial Harm: Claimants who can prove actual financial losses -- such as fraudulent charges, costs of credit monitoring, time spent resolving identity theft, or lost income -- receive significantly higher payouts. Keep receipts, bank statements, and records of time spent dealing with the breach aftermath.
- Company Response Time: Companies that delayed disclosure or attempted to conceal a breach often face larger settlement funds and higher per-person payouts. Delayed notification gives attackers more time to exploit stolen data, increasing the harm to affected individuals. Most state laws require notification within 30-90 days.
- Scale of the Breach: Larger breaches typically result in bigger settlement funds but more claimants. Paradoxically, smaller breaches with fewer affected individuals sometimes yield higher per-person payouts because the pool of claimants is smaller relative to the fund size.
- Regulatory Environment: Breaches involving HIPAA-protected health data, CCPA-covered California residents, or data from children (COPPA) often result in higher settlements due to additional regulatory penalties and statutory damages. State privacy laws like the Illinois BIPA have led to some of the largest per-person payouts in data privacy history.
How to File a Data Breach Settlement Claim
- Check your eligibility. Confirm that you had an account with the breached company during the class period. Look for notification letters or emails from the company or settlement administrator.
- Gather documentation. Collect evidence of your account, any fraudulent activity, out-of-pocket expenses (credit monitoring, identity theft protection), and time spent resolving issues. Bank statements, police reports, and FTC identity theft reports strengthen your claim.
- File your claim online. Visit the official settlement website listed in your notification. Complete the claim form and upload supporting documentation. Most settlements allow online filing with a deadline 60-180 days after notification.
- Wait for processing. Settlement administrators review claims after the filing deadline. Payouts typically arrive 6-18 months after final court approval, via check, direct deposit, or digital payment depending on the settlement terms.
Frequently Asked Questions
What qualifies as a data breach settlement?
A data breach settlement is a legal resolution of a class action lawsuit filed against a company that failed to adequately protect personal data. When a company experiences a data breach that exposes customer information -- such as Social Security numbers, financial data, or medical records -- affected individuals can join a class action to seek compensation. Settlements are reached when the company agrees to pay a fund to affected users rather than go to trial.
How much is the average data breach settlement per person?
Average per-person payouts vary widely depending on the type of data exposed and the severity of harm. Email-only breaches typically pay $25-$100, financial data breaches $100-$500, SSN exposures $250-$1,000, and medical record breaches $500-$2,500. If you experienced actual identity theft, payouts can reach $10,000 or more. The Equifax settlement, for example, offered up to $20,000 for documented identity theft victims.
How do I join a data breach class action settlement?
Most data breach settlements require you to file a claim through the official settlement website before the filing deadline. You typically need to provide proof that your data was in the breached system (such as an account with the company during the breach period) and documentation of any losses. The breached company or settlement administrator usually sends notification to affected individuals by email or mail. You can also check sites like classaction.org or the FTC's website for active settlements.
What is the statute of limitations for data breach lawsuits?
The statute of limitations for data breach claims varies by state and legal theory. Most states allow 2-4 years from the date you discovered (or should have discovered) the breach. Some states, such as California under the CCPA, have specific data privacy statutes with their own timelines. Federal class actions may have different deadlines. It's important to act quickly once you learn about a breach, as missing the filing deadline means you cannot participate in the settlement.
Why do data breach settlements pay so little per person?
Data breach settlements divide a fixed fund among all valid claimants. When millions of people are affected, even a $700 million fund (like Equifax) results in modest per-person payments for those without documented losses. The more claims filed, the less each person receives. However, individuals who can document actual financial harm -- such as identity theft, fraudulent charges, or time spent resolving issues -- typically receive significantly higher payments from a separate tier of the settlement fund.
What recent data breach settlements can I still file claims for?
Active class action settlements change frequently. Major recent settlements include those involving T-Mobile, 23andMe, AT&T, and various healthcare providers. Check the official settlement notice you received, the FTC's refund page (ftc.gov/refunds), or class action tracking websites for current filing deadlines. Many settlements remain open for claims for 60-180 days after the initial notification period.