Highlights

• LoanCare agrees to a $5.9 million settlement following a 2023 data breach affecting 1.3 million individuals.
• Affected individuals can claim up to $6,500 for documented losses or receive a $100 flat-rate payment.
• The settlement includes three years of comprehensive identity monitoring services.
• Deadline to submit claims is June 4, 2025; final approval hearing set for September 4, 2025.

On April 29, 2025, LoanCare and Fidelity National Financial announced they would pay a $5.9 million settlement to resolve the class-action litigation. The settlement covers all U.S. individuals who received a breach notice informing them that their personal data might have been accessed during the November 2023 breach.

The $5.9 Million Settlement

On April 29, 2025, LoanCare and Fidelity National Financial announced they would pay a $5.9 million settlement to resolve the class-action litigation. The settlement covers all U.S. individuals who received a breach notice informing them that their personal data might have been accessed during the November 2023 breach. The settlement structure is comprehensive:

• Ordinary losses: Claimants may recover up to $1,500 for documented expenses such as credit monitoring, fees, and service charges.
• Extraordinary losses: Documented out-of-pocket fraud or identity theft damages are eligible for up to $5,000 reimbursement.
• Flat-rate payment: Individuals who suffered no quantifiable harm may opt for a flat $100 payment (adjusted pro rata).

In addition, all class members are entitled to three years of identity-monitoring services, including credit monitoring, dark web scanning, identity restoration support, and up to $1 million in identity-theft insurance. Those who were already enrolled in LoanCare’s two-year monitoring program will receive one additional year under the settlement.

Impacted Population and Notification Timeline

According to court records, about 1.3 million persons were impacted by the breach, and they were all formally notified of it starting on December 13, 2023. According to the letter, on or around November 19, LoanCare found unauthorized access to Fidelity National Financial’s networks, and further investigations revealed that personal information might have been compromised. Despite the concerning revelation, ALPHV/BlackCat ransomware was not mentioned in the first breach notices until many months after cybersecurity researchers discovered the group’s activity. The plaintiffs’ main contention was that LoanCare had not adequately informed customers about the seriousness of the incident and its aggressive character.

Legal Claims and LoanCare’s Defense

Due to their failure to maintain proper cybersecurity hygiene, LoanCare and Fidelity National were charged in the class-action lawsuits with carelessness, breach of implied contract, and breach of fiduciary duty. Citing a failure to adopt common security procedures, including multi-factor authentication, network segmentation, and threat monitoring, the plaintiffs contended that the hack was predictable. Additionally, they asserted that LoanCare’s breach notifications were inadequate and failed to alert users to the possibility of ransomware involvement appropriately.

LoanCare’s response involved neither an admission of wrongdoing nor an acceptance of liability; instead, the company agreed to the settlement as a practical resolution to close the protracted legal process. According to court filings, the planned $5.9 million payout would be allocated across settlements, legal fees (up to $1.97 million), administrative costs (estimated at around $350,000), identity monitoring, and claimant reimbursements.

Claim Process, Deadlines, and Compensation

To receive compensation, affected individuals must submit a claim form—online or by mail—with supporting documentation for any claimed losses (e.g., receipts for credit monitoring, bank statements, or police reports), or alternatively opt for the flat payment. The settlement administrator confirmed several important deadlines:

• June 4, 2025: Final day to file a claim.
• July 7, 2025: Deadline to opt out and retain individual litigation rights.
• August 5, 2025: Deadline to file objections to the settlement.
• September 4, 2025: Final approval hearing scheduled in court.

Payments will be issued after the court grants final approval and any appeals are resolved, with disbursements expected shortly thereafter.

Compensation Ranges and Identity Monitoring Benefits

Due to the pro-rata adjustment mechanism, the exact payout per claimant depends on the number of valid entries. However:

• Ordinary loss payouts: up to $1,500 per individual.
• Extraordinary loss payouts: up to $5,000, with documentation.
• Flat payment: $100 each, divided among non-claimants.
• Identity monitoring: Three years of coverage, including services like credit alerts, dark web scans, fraud insurance (up to $1 million), and specialist support.

Total per-person recovery could reach approximately $6,500 if both types of documented losses are claimed .

Broader Context: Ransomware and Rise of Mortgage-Sector Attacks

LoanCare’s data breach wasn’t an isolated financial services incident. 2023 saw an uptick in ransomware and supply-chain breaches across mortgage and financial institutions. Attackers like ALPHV/BlackCat have continued to target large enterprise systems, capturing personal data to facilitate identity theft, targeted financing fraud, or direct ransomware extortion. The LoanCare breach underscores the sector’s weak cybersecurity posture in many legacy systems, prompting calls for enhanced protection protocols industry-wide.

Calls for Stronger Security

The LoanCare settlement highlights several key takeaways:

1. Risk mitigation through settlement: By choosing to settle instead of risking more severe damages or legal precedent, LoanCare minimized uncertainty and expense.
2. Need for robust cyber defences: To protect consumer data, financial entities must invest in strong cybersecurity practices, such as multi-factor authentication, network segmentation, constant monitoring, and business continuity planning.
3. Transparency matters: Prompt and open breach communications, including acknowledging ransomware involvement, enhance trust and may reduce legal risk.
4. Prepare for class-action fallout: Organizations in data-sensitive industries must anticipate regulatory, civil, and reputational impacts from breaches and prepare accordingly.

Conclusion: Settlement Signals Sector Alert

LoanCare’s $5.9 million settlement resolves class-action claims stemming from its November 2023 breach, providing up to $6,500 per individual, identity monitoring, and financial compensation. While LoanCare did not admit liability, the settlement reflects litigants’ success in pressing for accountability and change. More broadly, the incident illustrates that cybersecurity failures in the financial and mortgage sectors carry not only financial liability but also long-term trust and compliance implications.

Affected individuals should consider filing claims before the June 4, 2025, deadline, and institutions across the industry must heed this warning by reinforcing data protections. The LoanCare breach and others like it signal that cybersecurity is no longer optional but a fundamental component of customer trust and operational integrity in today’s digital landscape.