Fidelity Investments has agreed to a $2.5 million class-action settlement tied to an August 2024 cybersecurity incident, giving eligible customers a path to seek cash payments, reimbursement for documented losses and identity protection services. The deal does not include an admission of wrongdoing, and payments will depend on final court approval and the number of valid claims submitted.
Who May Qualify For The Settlement
The settlement covers people who received a notice stating that their financial account number and routing number were compromised during the Fidelity data incident between August 17 and August 19, 2024.
The class-action case alleged that Fidelity failed to adequately protect sensitive customer information before the breach. Fidelity has denied wrongdoing but agreed to resolve the litigation through the proposed settlement fund.
Customers who did not receive a notice are not automatically included. Eligibility is tied to whether Fidelity identified them as part of the affected group. That distinction matters because data breach settlements usually require claim administrators to match submissions against official notice records before approving payments.
What Affected Customers Can Claim
Eligible class members may seek up to $5,000 for documented monetary losses connected to the breach. Those claims can include unreimbursed fraud losses, identity theft costs, professional fees, credit-related expenses and other verified out-of-pocket costs linked to the incident.
Class members may also claim an estimated cash payment of about $100, though the final amount could rise or fall based on how many people file valid claims and how much of the settlement fund is used for reimbursements, legal fees, service awards and administration costs.
California residents in the settlement class may be eligible for an additional $50 payment under state privacy law provisions.
The settlement also includes two years of identity theft protection and credit monitoring. That package includes up to $1 million in fraud and identity theft insurance, offering an added layer of protection for people concerned about future misuse of their information.
Key Deadlines And Court Approval
The claim deadline is July 27, 2026. Class members seeking payment or identity protection benefits must submit a valid claim form by that date.
Those who want to exclude themselves from the settlement or object to its terms face an earlier deadline of June 26, 2026. Excluding oneself preserves the right to pursue separate legal claims, while objecting allows a class member to remain in the settlement but challenge parts of the agreement.
A final approval hearing is scheduled for July 9, 2026. The court must approve the deal before payments are distributed. Even after approval, distribution can take additional time if objections or administrative reviews delay the process.
What Happened In The 2024 Breach
The incident occurred over three days in August 2024, when an unauthorized third party gained access to certain information through customer accounts that had recently been established. Fidelity has said the event did not involve direct access to customer accounts or funds.
Regulatory materials connected to the breach described unauthorized access to an internal database containing document images. The exposed information included sensitive personal and financial details for tens of thousands of people, including some noncustomers connected to customer transactions, such as relatives or beneficiaries.
Fidelity has said it terminated the unauthorized access after detecting the activity, opened an investigation with outside security experts and notified law enforcement and regulators. The company has also said it has not found evidence that identity theft or fraud occurred as a result of the incident.
Separate Massachusetts Action Added Regulatory Pressure
The class-action settlement is separate from a $1.25 million regulatory settlement Fidelity reached with Massachusetts officials over allegations tied to the same 2024 breach. That action focused on claims that the firm failed to follow certain internal cybersecurity controls and did not notify some noncustomer individuals whose information may have been exposed.
Under that regulatory resolution, Fidelity agreed to additional cybersecurity steps, including outside review and enhanced safeguards. The firm did not admit or deny the allegations in that matter.
The combination of private litigation and regulatory action reflects the higher scrutiny facing large financial firms that hold sensitive identity, account and beneficiary information. Even when customer funds are not accessed, exposed personal data can create long-term fraud and identity risks.
Why The Settlement Matters Now
For affected customers, the immediate issue is practical: filing a claim before the July deadline and preserving records that support any loss request. Documentation may be critical for anyone seeking more than the estimated flat cash payment.
The broader significance is that financial institutions are facing growing legal pressure over data security incidents that expose personal information even without direct account theft. Settlements like this one often resolve disputed claims without a trial, but they also set expectations for notification, monitoring services and reimbursement when sensitive financial data is compromised.
Until the court grants final approval, the settlement remains pending. Eligible customers who want compensation or credit monitoring must act within the claims window, while those seeking to challenge or leave the deal must meet the earlier June deadline.
