University of St. Thomas Data Breach Class Action Settlement
University of St. Thomas Data Breach Class Action Settlement

Current and former students and other individuals who received a notice from the University of St. Thomas about a data breach that occurred between July 25, 2025 and Aug. 12, 2025, may be eligible to submit a claim up to $4,500 from a class action settlement. The ransomware incident impacted over 26,000 people.

University of St. Thomas has agreed to pay to settle a class action lawsuit for alleged failures to adequately protect private information. The complaint was filed after a cyberattack occurred, in which unauthorized parties accessed files containing sensitive data such as Social Security numbers, bank account details, credit card numbers, government ID information, logins and passwords, home addresses, email addresses, phone numbers, donor and club membership information, and other confidential records.

Who can file a claim for a data breach payout?

Class members are individuals residing in the United States who were mailed a notice by University of St. Thomas stating their personal information was potentially compromised as a result of the data breach that occurred between July 25, 2025 and Aug. 12, 2025.

How much are settlement payments?

Class members have the following benefit options:

  • Ordinary losses: Class members can claim up to $500 for documented out-of-pocket expenses related to the data breach. Eligible expenses include professional fees, such as attorneys or accountants, credit repair services, costs to freeze or unfreeze credit, credit monitoring costs incurred between July 25, 2025 and Sept. 28, 2026, copy fees, notary fees, mileage and postage for contacting financial institutions.
  • Extraordinary losses: Class members can claim up to $4,500 for documented, unreimbursed monetary losses resulting from fraud or identity theft that was more likely than not caused by the breach. Losses must have occurred after the data incident, must not be covered by other claims, and the claimant must have exhausted all available credit monitoring or identity theft insurance.
  • Losses related to sensitive personal information: Class members can submit to receive a $100 cash payment if they experienced a disclosure of sensitive personal information, such as employment files, disciplinary records, or other private information, and can provide third-party documentation showing the disclosure was more likely than not caused by the data breach.
  • Credit monitoring: Class members can also elect to receive three years of one-bureau credit monitoring and identity theft protection services, which includes at least $1,000,000 in identity theft insurance.
  • Alternative cash payment: Class members that do not submit an ordinary losses, extra-ordinary losses, losses related to sensitive personal information or credit monitoring claim can submit to receive a $50 cash payment.

How to claim a class action rebate

To receive a settlement payment, class members can file a claim online or print the PDF claim form to complete and mail to the settlement administrator.

Settlement administrator's mailing address: UST Data Settlement, P.O. Box 25226, Santa Ana, CA 92799

The claim deadline is Sept. 28, 2026.

Required proof and claim information

  • The loginID and pin from the settlement notice is required to submit a claim online. The loginID is required to submit a claim by mail.
  • Ordinary losses claims require supporting documentation, which may include receipts, invoices or other third-party documentation of expenses.
  • Extraordinary losses require supporting documentation showing monetary losses, proof of identity theft or fraud, and evidence that all available insurance or reimbursement options have been exhausted.
  • Losses related to sensitive personal information claims require proof showing the disclosure was more likely than not caused by the data breach.

Payout options

  • Paper check mailed to the address provided
  • Electronic payment

Settlement fund

The settlement fund will include:

  • Settlement administration costs: To be determined
  • Attorneys' fees, costs, and expenses: Up to $240,000
  • Service award to class representative: Up to $4,000
  • Credit monitoring: Cost determined by number of claims filed
  • Payments to approved claimants: Total determined by number of valid claims filed

Important dates

  • Opt-out deadline: Aug. 28, 2026
  • Claim deadline: Sept. 28, 2026
  • Fairness hearing: Date to be determined

When is the University of St. Thomas data breach settlement payout date?

Payments will be issued to approved claimants approximately 90 days after the court grants final approval, or within 30 days after claim processing is completed, whichever is later.

Why did this class action settlement happen?

The class action lawsuit was filed because unauthorized access to the University of St. Thomas network resulted in the exposure of sensitive personal information. The plaintiff claimed that the university failed to adequately protect this information, leading to potential harm for those affected.

University of St. Thomas denies the allegations, but agreed to settle to avoid the expense and uncertainty of continued litigation.

Sources

  1. Official settlement website FAQ page
  2. Class notice
  3. Official claim form
  4. Settlement agreement
Settlement Open for Claims
Award:
$50 - $4,500
Deadline:
September 28, 2026
SUBMIT CLAIM