Fidelity Investments has agreed to pay $2.5 million to settle a class action lawsuit over a data breach tied to a cyberattack that ran from Aug. 17 to Aug. 19, 2024. The case, filed in a Massachusetts federal court, says an unauthorized person entered Fidelity's systems and accessed customers' personal data.
The settlement covers more than 77,000 customers who were notified about the breach, as well as roughly 86,000 customers whose financial account numbers and routing numbers were exposed. People who can show they lost money because of the breach may seek up to $5,000, with eligible losses including identity theft, professional fees or credit monitoring costs. Other class members are set to receive about $100, though that amount could change depending on how many claims are filed. California residents can receive an extra $50 under the state's Consumer Privacy Act.
Fidelity has not admitted to any wrongdoing. The deal also gives all settlement members two years of identity theft protection and credit monitoring, along with up to $1 million in insurance against fraud and identity theft.
The lawsuit centers on a breach that plaintiffs say exposed customer names, Social Security numbers, driver's license details and financial account information, according to MSN. They argued Fidelity could have prevented the incident with better cybersecurity tools. The company did not accept that claim in agreeing to the settlement, and a judge still has to approve the deal before any payments go out.
The court has scheduled a final approval hearing for July 9, 2026. Class members must file claims by July 27, 2026, and anyone who wants out of the settlement must do so by June 26, 2026. Claims can be submitted at fidelitydatasettlement.com, and people unsure about eligibility can contact the settlement administrator at [email protected] or 386-6470.
