Apex Class Action Data Breach Affects SSNs

On July 25, 2025, Apex Class Action, a third-party settlement administrator based in Irvine, California, learned that personal information belonging to individuals involved in class action and PAGA matters had been exposed due to a breach at one of its vendors. The cybersecurity incident was traced to IMDataCenter, an address lookup vendor used by Apex Class Action.

Apex Class Action was alerted by IMDataCenter about the data breach on July 14, 2025. An investigation took place, and it was determined that Apex Class Action data on file with IMDataCenter was accessed without authorization.

A review revealed that personally identifiable information was compromised in the data breach, including Social Security numbers. Apex Class Action began notifying impacted individuals on Aug. 15, 2025.

The breach was reported to the California Attorney General’s office on Aug. 18, 2025, and to the Massachusetts Attorney General’s office on Aug. 19, 2025. The total number of impacted individuals has not been released, but it is believed that the IMDataCenter breach compromised several other companies, in addition to Apex Class Action.

Apex Class Action's response

Apex Class Action LLC launched an investigation to determine the scope and impact of the incident. In addition to required state and federal disclosures, Apex is offering impacted individuals 24 months of free 3-bureau credit monitoring services through TransUnion.

If you receive a data breach notice from Apex Class Action, you may want to:

• Sign up for the free credit monitoring services, provided by Apex.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

More information about the administrator can be found on the Apex Class Action website.