Imagine that you open your email to find a notice that you’ve been part of a data breach. The message says you’re entitled to a settlement payout as part of a class-action lawsuit. What do you do next?

With cyber crime as rampant as it is today, this scenario is a reality for many people. If you find one of these data breach class-action settlement notices in your inbox, here’s what you should do.

Why Did You Get a Data Breach Settlement Notice?

upclose of a row of mailboxes with a teal one in the front

The first thing you may ask about a settlement payout notice is why you got one. If you’ve received one of these letters, it means a service you use experienced a data breach that could’ve exposed users’ personal information. Someone or multiple people filed a lawsuit against the company, leading it to offer users money to settle the issue.

Just because you received one of these letters doesn’t necessarily mean the breach exposed your data. For example, in the 2020 Yahoo data breach lawsuit, anyone who had an account between 2012 and 2016 could join the settlement. Still, it’s a good idea to protect your account by changing your password and enabling multi-factor authentication anyway.

Sometimes these settlements happen when there’s just a chance of a data breach tied to misleading business practices. That was the case in 2021 when Zoom agreed to pay $85 million after lying about offering end-to-end encryption.

How Can You Be Sure the Notice Is Genuine?

At first, notices about data breach class-action settlements can seem suspicious. After all, the promise of free money sounds exactly like the kind of tactics phishing attempts use. Given the risk of phishing, you should make sure the notice is legitimate before taking any other steps.

The attorneys behind class-action lawsuits get your contact information from company documents while investigating the issue. A cyber criminal may find your email address by scouring the web or reading through website visitor data. If you get a notice about a beach from a service you don’t use, it’s probably a scam.

If the notice is about something you use or have used in the past, check to ensure there was an actual data breach or related incident. If nothing comes up, it’s likely fake. Also, be on the lookout for suspicious-looking email addresses, links, and spelling mistakes, which typically indicate phishing.

What Happens if You File a Claim?

upclose of man in front of stairs buttoning up his navy blue suit jacket

After verifying that the notice is real, it’s time to consider filing a claim. This process often doesn’t play out as many people expect it to.

The legal system is complicated, and these class-action suits typically involve more than meets the eye. For example, a Consumer Financial Protection Bureau report found that less than 7% of people who’ve signed arbitration agreements realized that these clauses limit their ability to file a lawsuit. Since legal proceedings can involve complications like this, here’s a look at what you can expect.

What Does the Data Breach Lawsuit Process Look Like?

Sometimes, you’ll receive a notice while the data breach lawsuit is still going on. If it’s an ongoing case, you don’t have to do anything, and the email is just notifying you there could be money down the line. If it’s settled, there should be instructions on how to receive your settlement payout.

In many cases, all you’ll have to do is provide some information. The email will most likely give you a link to a settlement website and a claim number. Enter that number and fill in a few personal details to verify your identity, and provide the court with a way to send you your money.

After the court verifies the settlement and your claim, they’ll send your payment through one of a few ways. You may get a check in the mail, it may be a debit card, or they may deposit money directly into your bank account.

How Long Will It Take?

How long that process takes can vary. If it’s an ongoing case, you can expect to wait at least a few months. In that scenario, you may not end up getting anything, as the court could rule against the lawsuit.

If the case is settled, it won’t be quite as long a wait but may still take time. The notice you receive should also include a deadline to file your settlement claim. Since the payout size often depends on how many people file, you’ll probably have to wait until at least that date to receive your money.

How Much Money Will You Get in the Settlement Payout?

The overall figures for data breach class-action settlements certainly look impressive, but that’s not what you’ll receive. That number will be divided among every person who files a claim, which is likely a lot. For example, TikTok’s recent $92 million settlement had roughly 89 million eligible users.

Not every user will claim a settlement, which leaves more money for those who do. Still, many people will file, so your check might be substantially smaller than you’d expect. The attorneys running the suit will also take fees out of the payment, leaving you with even less.

In the TikTok example, most users would receive less than a dollar if everyone applied. Those facing lower fees would still get just under $6. You may get more depending on your case, but it won’t likely be an impressive sum.

What if You Don’t File a Claim?

wooden gavel centered on a white wooden table

What if you don’t want to file a claim in the data breach lawsuit? If you don’t want to, you don’t have to. There are no legal obligations to join the suit, so if you’re uninterested or don’t trust its legitimacy, you can leave it alone.

You could argue that joining others in filing a claim helps make a point to keep companies accountable. If they’ve already agreed on the settlement payout, the financial hit has likely taught them that lesson.

Filing a Claim: The Decision Is Up to You

Whether you should file a claim in a data breach settlement is entirely up to you. If you want a chance to get some money or make a stand against poor security practices, join the suit. The settlement payout may be low and the process long, but it doesn’t cost you anything but time.

Data breach class-action settlements stand as an example of how crucial reliable cybersecurity is. Regardless of whether you file a claim, these suits encourage companies to be more careful with user data.