US Bank Agrees to $2.38M Settlement After Data Breach Exposed 200,000+ Customer Records

Union Bank and Trust will pay up to $12,000 per customer after hackers exploited a third-party software vulnerability in 2023, exposing Social Security numbers and personal data.

US Bank Agrees to $2.38M Settlement After Data Breach Exposed 200,000+ Customer Records

US Bank Agrees to $2.38M Settlement After Data Breach Exposed 200,000+ Customer Records

Union Bank and Trust (UBT) has reached a $2.38 million settlement to resolve a class-action lawsuit stemming from a major cybersecurity incident that compromised the personal information of approximately 207,824 current and former customers.

The breach occurred between May 27 and May 31, 2023, when attackers exploited a critical vulnerability in MOVEit, a widely-used file-transfer application operated by an external vendor that UBT relied upon. According to Ta Nea, the intrusion allowed the perpetrators to access names and Social Security numbers belonging to hundreds of thousands of account holders.

Plaintiffs alleged that the Nebraska-based financial institution failed to implement adequate cybersecurity safeguards, leaving sensitive consumer data vulnerable to identity theft and financial fraud. While UBT has not admitted fault or negligence, the bank accepted the monetary arrangement to avoid prolonged litigation.

The compensation framework establishes several tiers of payment for affected U.S. residents. Individuals who demonstrate documented financial losses or fraud tied directly to the breach may claim up to $10,000 in extraordinary damages, bringing the maximum possible recovery per claimant to roughly $12,000 when combined with standard-loss reimbursements.

Those who incurred routine expenses—such as credit-monitoring subscriptions, identity-theft insurance, credit-report fees, or banking charges—can seek reimbursement of up to $2,500. The settlement also compensates victims for time spent addressing the fallout at a rate of $25 per hour. Even customers who suffered no measurable financial harm but whose records were exposed are eligible for a flat $100 payment.

As part of the agreement, all class members will receive two years of complimentary credit-monitoring and identity-theft protection through the three largest U.S. credit bureaus.

Final individual payouts may be adjusted proportionally depending on the total number of valid claims submitted. Eligible customers must file their applications through the official portal by July 21, 2026.

Source: Ta Nea