Thousands of Americans affected by a 2024 cyberattack on Bridgeway Center may be eligible for compensation through a class-action settlement offering payouts of up to $7,500 for documented losses.
What happened
A 2024 cyberattack targeting Bridgeway Center, a behavioral health services provider, exposed sensitive consumer information. The breach triggered a class-action lawsuit accusing the company of negligence in protecting client data. While Bridgeway Center denies any wrongdoing, it has agreed to settle the claims, with payouts reaching up to $7,500 for affected individuals.
See also: HIPAA Compliant Email: The Definitive Guide
Going deeper
The lawsuit, officially titled Bridgeway Center Cyber Incident Litigation (Case No. 2024-CA-1395), is being handled in the First Judicial Circuit Court for Okaloosa County, Florida. The plaintiffs argued that the breach was preventable and occurred due to the company's failure to implement reasonable security measures. Settlement payments will be made to class members who can provide documentation of their losses or proof of their data being compromised.
Eligible claimants can receive:
- Up to $5,000 for extraordinary losses resulting from the breach.
- $1,500 for ordinary losses and time spent addressing the fallout.
- $125 for individuals without documented expenses.
The deadline to file claims is December 26, 2024. Claimants must provide evidence such as account statements, receipts, or bills. Fraudulent submissions, filed under penalty of perjury, can undermine compensation for other victims.
Related:
What was said
According to the Bridgeway Center Cyber Incident Litigation Class Action Settlement Website, the settlement arises from a cyber incident identified on or around February 21, 2024, potentially exposing employees' and patients' sensitive personal information (PII and PHI).
The website explains: “Personal Information includes Personally Identifiable Information or PII, such as full names, addresses, Social Security numbers, and financial information, as well as Protected Health Information or PHI, including information related to patients’ care, treatment, diagnosis, appointments, health insurance and billing information, and other health-related records.” Members—those notified in May 2024 or whose data was impacted—are eligible for compensation.
Details on submitting claims, opting out, or objecting are available on the settlement website. Claims must be postmarked by December 26, 2024, and the court must approve the settlement before payments are made.
Why it matters
Data breaches are becoming increasingly common and can leave individuals vulnerable to identity theft, financial loss, and emotional distress. This settlement demonstrates the importance of corporate responsibility in safeguarding sensitive information. It also provides affected individuals an opportunity to recover damages while emphasizing the legal consequences of inadequate cybersecurity
FAQs
What is a settlement claim?
A settlement claim is a request for compensation submitted by an individual who qualifies for a payout under a legal settlement, typically following a class-action lawsuit.
How do I know if I’m eligible for a settlement claim?
Eligibility details are outlined in the settlement notice or documentation. Generally, individuals whose rights were impacted, such as those notified of a data breach, are eligible.
Can I opt out of the settlement?
Yes, opting out preserves your right to pursue separate legal action but disqualifies you from receiving any settlement payment.
Tshedimoso Makhene
