Facebook (now Meta Platforms) agreed to pay $725 million to settle a class action lawsuit over the Cambridge Analytica data breach, making it the largest privacy settlement in U.S. history. As many as 87 million Facebook users had their personal information improperly shared with Cambridge Analytica, a data analytics firm that worked with Donald Trump’s 2016 campaign. The scandal first became public in 2018, when journalists and researchers revealed that the company had harvested millions of users’ personal data without their knowledge or consent to build detailed psychological profiles for political targeting.
The settlement was approved in December 2022, and by September 2025, Meta began distributing payments to validated claimants. If you were a Facebook user between May 24, 2007 and December 22, 2022, you may be entitled to compensation. This settlement represents a landmark moment in privacy law—one of the first major victories for consumers suing a tech giant over unauthorized data sharing. However, the average payout per claim is modest, and the settlement process involves specific eligibility requirements and claims deadlines.
Table of Contents
- How Much Is the Facebook Cambridge Analytica Settlement and What Does It Cover?
- What Happened with Cambridge Analytica and How Did Facebook Users’ Data Get Exposed?
- Who Is Eligible to File a Claim for the Facebook Settlement?
- How Much Money Can You Expect from the Facebook Settlement?
- What Are the Important Limitations and Considerations?
- How Does This Settlement Compare to Other Privacy Settlements?
- What’s Next for Meta and Privacy Lawsuits?
- Conclusion
How Much Is the Facebook Cambridge Analytica Settlement and What Does It Cover?
The total settlement amount is $725 million, which Meta agreed to pay in December 2022. However, not all of that money goes directly to class members. Approximately $540 million is allocated specifically to cover validated class member claims. The remaining funds are used for attorneys’ fees, administrative costs, and settlements with state attorneys general. This structure is common in large class action settlements, but it’s important to understand that the actual claims pool is substantially lower than the headline settlement figure. The settlement compensates Facebook users for the unauthorized disclosure of their personal information to Cambridge Analytica.
The covered data included profile information, likes, friends lists, and behavioral data that third-party developers could access through apps. This information was collected without explicit consent and used to build detailed political profiles. Unlike some other privacy settlements that cover multiple different harms, this settlement focuses specifically on the Cambridge Analytica data exposure and the class period covers exactly 15 years of Facebook usage. One important limitation: Meta did not admit any wrongdoing as part of the settlement agreement. This means the company did not concede that it violated users’ privacy rights, and the settlement is not considered an admission of liability. From a legal standpoint, this protects Meta’s interests, but from a claimant perspective, it means the settlement is based on a negotiated compromise rather than a court finding that the company violated the law.
What Happened with Cambridge Analytica and How Did Facebook Users’ Data Get Exposed?
Cambridge Analytica was a political consulting firm that specialized in “psychographic” profiling—building detailed psychological and behavioral profiles of voters based on their digital footprints. The firm worked with the Trump 2016 campaign, the pro-Brexit movement in the UK, and other political campaigns globally. The company obtained its massive dataset through a combination of purchases, partnerships, and most infamously, through a loophole in Facebook’s developer API that allowed apps to harvest user data at scale. The mechanism of the breach worked like this: researchers at Cambridge University created a personality quiz app on Facebook. When users downloaded and used the app, it collected not only their personal quiz answers but also data from their Facebook profiles and their friends’ profiles. Critically, this happened without most users realizing the scope of data collection.
The researchers then shared this dataset with Cambridge Analytica. In total, approximately 87 million users had their data improperly accessed—though many more may have been indirectly affected through their friends’ data being harvested. The scandal broke wide open in March 2018 when The Guardian and The New York Times published investigations revealing Cambridge Analytica’s practices. The revelations sparked global outcry, multiple government investigations, and a dramatic fall from grace for the company—Cambridge Analytica shut down in 2018 after the exposure. However, the damage to user trust in Facebook and broader concerns about social media privacy had already taken hold. This breach became a turning point that fundamentally changed how people think about tech companies’ data practices and spawned numerous lawsuits, regulatory actions, and stricter data protection laws worldwide.
Who Is Eligible to File a Claim for the Facebook Settlement?
To be eligible for compensation, you must have been a Facebook user at any point between May 24, 2007 and December 22, 2022. The settlement covers U.S. residents who had a Facebook account, and you don’t need to prove that your specific data was accessed or misused—membership in the class is based solely on having a Facebook account during the class period. This is an unusually broad definition of harm that benefited most Facebook users. If you were a Facebook user at the time, you may have received notice about the settlement either by email, postal mail, or through Facebook itself.
Many claimants didn’t need to do anything—Facebook automatically submitted claims on behalf of users who met certain criteria. However, some users may have needed to submit a claim manually, depending on their account status and activity level. The deadline for submitting claims has already passed for this settlement, but if you received a settlement notice and haven’t checked on your claim status, you can verify whether payment has been made to you. By September 2025, approximately 17 million claims were validated and approved for payment. This is notably less than the full 87 million people affected, which reflects that many users either didn’t claim, were ineligible under final settlement criteria, or their accounts couldn’t be verified. If you were a Facebook user but your claim wasn’t automatically approved, the settlement administrator’s website allows you to check your claim status with your email address or settlement claim number.
How Much Money Can You Expect from the Facebook Settlement?
The average payout per approved claimant is $29.43. This relatively modest amount reflects the fact that $540 million is divided among 17 million validated claims. The maximum payout is $38.36, which goes to users who had continuously active Facebook accounts throughout the entire 15-year settlement class period (May 24, 2007 to December 22, 2022). Most users receive less than the maximum because the settlement distributes funds based on a point system. The payment allocation works like this: you receive one point for each calendar month that you had an active Facebook account during the class period.
So if you had an account for all 180 months (May 2007 through December 2022), you’d receive the maximum 180 points and the maximum payout of $38.36. If you joined Facebook in 2015 and remained active through 2022, you’d have fewer points and a smaller payment—perhaps $15 to $20, depending on your exact months of activity. The settlement administrator reviewed account creation dates, deletion dates, and activity patterns to assign points accurately. It’s important to temper expectations: these payments are not meant to fully compensate for privacy violations, and they’re far too small to cover any personal damages anyone might have suffered from identity theft or other misuse of their data. If you received notice that you were eligible for the settlement, you likely received a check or payment automatically in September 2025 or shortly thereafter. If you haven’t received payment and believe you were eligible, contact the settlement administrator to verify your claim status and payment method.
What Are the Important Limitations and Considerations?
This settlement, while historic in size, comes with significant limitations that users should understand. First, the $725 million figure is not as large as it sounds when distributed to 87 million people—or even to the 17 million who actually received payments. That $29.43 average payout is less than what many users might spend on a monthly subscription, and it’s far below what many privacy advocates argue users should be compensated for the unauthorized sale and exploitation of their personal data. Some critics contend that this settlement sets a low bar for the value of personal data in privacy lawsuits. Second, as mentioned, Meta did not admit wrongdoing. This means the company’s legal position—that it didn’t violate the law—remains unchanged.
The settlement was presented as a business decision to resolve litigation rather than a court finding that the company violated users’ rights. For users who felt genuinely harmed by the privacy breach, the lack of an admission can feel like the company got away with the behavior without taking full legal responsibility. It’s worth noting that Meta faced other penalties, including a $5 billion FTC fine in 2019 and additional regulatory actions, but those are separate from this settlement. Third, the statute of limitations for bringing new privacy claims based on Cambridge Analytica has passed. If you didn’t claim as part of this settlement and you’re now thinking about pursuing separate legal action, you may be barred by time limitations. Additionally, federal courts have been skeptical of privacy claims in recent years, making it less likely that future plaintiffs will succeed in suing companies over similar data sharing practices. This settlement is one of the few major payouts consumers have won related to unauthorized data sharing, which is why it’s notable—but also why timing mattered for filing claims.
How Does This Settlement Compare to Other Privacy Settlements?
The $725 million Facebook Cambridge Analytica settlement held the title of the largest privacy settlement in U.S. history at the time it was approved. To put this in perspective, before the Cambridge Analytica case, most privacy-related settlements ranged from tens to hundreds of millions of dollars. For example, Yahoo settled a 2013-2014 data breach lawsuit for $117.5 million in 2017, and T-Mobile settled a 2018 data breach lawsuit for $350 million in 2021. The Facebook settlement significantly exceeded these. However, when divided among affected users, Facebook’s settlement actually pays less per person than some smaller settlements.
A 2016 Snapchat settlement for an app crash issue paid $100 million to fewer users, resulting in larger individual payouts. A 2020 Google location tracking settlement paid $391.5 million to users but was also divided among potentially smaller claimant populations. The Facebook case illustrates an important principle: the size of the settlement pool depends not just on the settlement amount, but on how many people qualify and come forward to claim. Since the Cambridge Analytica settlement, Meta and other big tech companies have faced additional privacy lawsuits and regulatory actions. The competitive pressure to resolve cases before trial, combined with evolving privacy regulations like GDPR in Europe and CCPA in California, suggests that future privacy settlements may be larger in aggregate. However, individual payouts are unlikely to be significantly higher unless companies settle with smaller class sizes or pay substantially larger total amounts.
What’s Next for Meta and Privacy Lawsuits?
Meta continues to face ongoing regulatory and legal scrutiny over its data practices. The FTC maintains an ongoing consent decree requiring Meta to implement specific privacy safeguards, and state attorneys general continue to investigate various aspects of the company’s business practices. The Cambridge Analytica settlement resolution doesn’t end Meta’s legal exposure to privacy claims—it only resolves that specific lawsuit and those specific class members. Looking forward, privacy law and class action litigation are evolving.
Consumers and regulators are increasingly focused on how tech companies collect, use, and monetize personal data. The Cambridge Analytica case demonstrated that major data breaches and unauthorized sharing can lead to nine-figure settlements, which incentivizes companies to invest in stronger data protections. At the same time, courts have become more skeptical of privacy claims in some contexts, making it harder for consumers to win lawsuits based on theoretical harms rather than concrete damages like identity theft or financial loss. Future major settlements may depend on stronger evidence of actual consumer harm rather than just unauthorized access to data.
Conclusion
The Facebook $725 million Cambridge Analytica settlement represents a landmark moment in privacy law—the largest privacy class action settlement in U.S. history. It compensated as many as 87 million Facebook users whose personal information was improperly shared with the political data firm Cambridge Analytica.
Payments began in September 2025, with approximately 17 million approved claims receiving an average of $29.43 per person, and a maximum of $38.36 for users with continuous 15-year account activity. If you were a Facebook user between May 24, 2007 and December 22, 2022, you were part of the eligible class and likely received payment automatically or had an opportunity to claim compensation. While the individual payouts are modest, this settlement holds significance as evidence that large tech companies can face financial consequences for data privacy violations. It also serves as a cautionary reminder of how user data can be misused through app third-party access and how important it is to pay attention to Facebook’s privacy settings and the permissions you grant to apps connecting to your account.