Evolve Bank and Trust has agreed to pay $11.85 million to settle a class action lawsuit over a 2024 data breach that exposed sensitive personal information from approximately 18 million individuals. The settlement was finalized in December 2025, with U.S. District Judge Sheryl H. Lipman approving it as “fair, reasonable, and adequate” in the Western District of Tennessee.
Eligible class members can claim compensation ranging from a flat $20 payment to up to $3,000 if they can document losses directly tied to the breach. The breach occurred when a criminal organization called LockBit gained unauthorized access to Evolve Bank’s systems between February and May 2024, exploiting a successful social engineering attack after an employee clicked a malicious link. When the bank publicly disclosed the incident in late June 2024, it exposed names, dates of birth, Social Security numbers, driver’s license numbers, bank account numbers, and contact information belonging to millions of customers. The bank confirmed that no actual funds were stolen, though the exposure of financial credentials created significant identity theft and fraud risks for affected individuals.
Table of Contents
- How the Evolve Bank Data Breach Happened and Why It Matters
- Settlement Payment Structure and Available Compensation
- Who Is Eligible to Claim and File for Compensation
- How to Navigate the Claims Process and Documentation Requirements
- Critical Deadlines and Important Limitations to Know
- Credit Monitoring Services and Additional Benefits Included
- Lessons From the Evolve Bank Breach and Future Data Protection
- Conclusion
How the Evolve Bank Data Breach Happened and Why It Matters
The 2024 Evolve bank breach serves as a stark reminder that even financial institutions with robust security investments remain vulnerable to human error. The attack began with a single employee clicking a malicious link, which gave LockBit ransomware operators a foothold in the bank’s network. Rather than immediately paying a ransom demand, Evolve Bank chose to resist, triggering the criminal group to threaten public data disclosure. This approach, while principled, ultimately led to the regulatory scrutiny and legal action that resulted in the settlement. What made this breach particularly dangerous was the type of data exposed.
social Security numbers and driver’s license information are the foundation of identity theft, and when combined with names, dates of birth, and bank account details, they provide criminals with nearly everything needed to open fraudulent accounts or take over existing ones. Unlike a breach involving only email addresses, this incident created ongoing fraud risks that persist years after the initial exposure. Victims reported having to monitor their credit profiles continuously and dispute unauthorized accounts that appeared on their records. The fact that no customer funds were actually stolen does not minimize the real harm caused. Identity theft recovery can take months or years, involve significant out-of-pocket expenses for credit monitoring and fraud prevention services, and create emotional stress as individuals work to restore their financial reputation. The settlement acknowledges these documented harms through the higher payment tier that requires proof of breach-related losses.
Settlement Payment Structure and Available Compensation
The $11.85 million settlement is divided into two distinct payment paths, each designed to address different levels of harm. Cash Payment A allows class members with documented losses to claim up to $3,000 per person. These losses must be directly attributable to the breach and can include expenses for credit monitoring services, fraud recovery fees, lost time addressing identity theft issues, or documented fraudulent transactions. This option recognizes that victims who suffered measurable financial or time-based harm deserve more substantial compensation. Cash Payment B provides a flat payment of approximately $20 to all other eligible class members, regardless of whether they experienced documented losses.
This payment amount will be adjusted up or down depending on the total number of valid claims submitted—if far fewer people claim than anticipated, each person gets a slightly higher payment; if many more claim than expected, payments adjust downward proportionally. All class members also receive complimentary credit monitoring services as part of the settlement, giving them access to the same fraud detection and alert systems that typically cost $100 to $200 per year. one important limitation of the settlement is that the $20 flat payment won’t fully cover the cost of credit monitoring services that individuals may have already purchased on their own during the breach discovery period. If you paid for your own monitoring before receiving the settlement, you cannot submit that as a documented loss under Payment A unless you can prove the expense was specifically incurred in direct response to learning about the Evolve Bank breach. The settlement does not reimburse retroactively for monitoring you bought as a precautionary measure.
Who Is Eligible to Claim and File for Compensation
Approximately 18 million individuals are eligible for compensation under this settlement, consisting of anyone whose personal information was exposed in the Evolve Bank breach between February and May 2024. Eligibility is not limited to current Evolve Bank customers at the time of the settlement approval. The class includes former customers, individuals who briefly held accounts years before the breach occurred, and anyone else whose data was stored in Evolve Bank’s systems during the exposure window. To file a claim, eligible individuals must submit documentation through the official settlement website at evolvesettlement.com. The claim process requires verifying your identity to confirm you were among the 18 million affected individuals—this verification helps prevent fraud and ensures that compensation reaches legitimate class members.
If you claim under Payment A (the higher tier requiring documented losses), you’ll need to gather and submit supporting evidence such as receipts for credit monitoring services, bank statements showing fraudulent charges, proof of time spent addressing identity theft, or correspondence with creditors regarding fraudulent accounts opened in your name. A critical warning: the claim deadline of October 30, 2025, has already passed. This means individuals who did not submit claims during the open filing window are no longer eligible to receive cash Payment A or the flat Cash Payment B. However, all class members automatically qualify for the credit monitoring services regardless of whether they filed a claim, since this benefit does not require an active claim submission. If you were affected by this breach and missed the deadline, you can still access the monitoring services at no cost by registering with the claims administrator.
How to Navigate the Claims Process and Documentation Requirements
Filing a claim under Payment A demands careful attention to documentation requirements. The settlement provides an online claims form that walks you through entering personal information, verifying your identity, and uploading supporting documents. If you experienced fraudulent accounts opened in your name, you’ll want to obtain the fraud dispute letters from your credit card companies or banks—these letters serve as evidence that fraud was linked to your accounts. For credit monitoring expenses, keep copies of credit card statements, receipts, or invoice confirmations showing the purchase amount and the service dates. For those claiming under Payment B, the process is simpler since no loss documentation is required—you only need to verify your identity and confirm that your information was in the Evolve Bank system during the exposure period.
However, if your identity verification fails or if the settlement administrator cannot locate your personal information in their records, you may be able to submit additional documentation to override the initial rejection. This is where timing matters: attempting to resolve verification issues well before any payment deadline gives you the best chance of successful resolution. One key tradeoff to understand is that if you claim under Payment B, you forfeit the ability to submit documentation for Payment A later. You cannot claim both. If you’re uncertain whether you have sufficient documentation for Payment A, it may be worth taking the time to gather evidence before submitting your claim, since the higher compensation tier could be worth significantly more than the $20 flat payment.
Critical Deadlines and Important Limitations to Know
The Evolve Bank settlement had several key deadlines that have now passed. The claim filing deadline of October 30, 2025, closed the window for submitting new claims for either cash payment. The opt-out and objection deadline of October 15, 2025, already expired, meaning individuals could not remove themselves from the settlement or formally object to its terms at that point. The final approval hearing occurred on November 14, 2025, and Judge Lipman issued the final approval order on December 15, 2025, making the settlement legally binding. Because all major deadlines have passed, individuals who did not file claims cannot receive Cash Payment A or the flat Cash Payment B.
This is a crucial limitation of class action settlements: the deadlines are absolute, and there is no appeals or grace period for late submissions. The settlement administrator typically does not accept claims filed weeks or months after the deadline, even if you have compelling documentation. If you missed the deadline and discover you have documentation of substantial losses from the breach, your only recourse would be to consult with a personal injury attorney about whether an individual fraud claim against Evolve Bank remains viable outside of this settlement. The credit monitoring services benefit does not have a claim deadline—all 18 million eligible individuals can access these services even if they didn’t formally file a claim. However, you should register for monitoring as soon as possible to ensure continuous fraud protection, since the settlement may not fund the monitoring indefinitely for individuals who register years after the approval date.
Credit Monitoring Services and Additional Benefits Included
One of the most valuable aspects of this settlement is the inclusion of comprehensive credit monitoring services at no cost to class members. These services typically include daily monitoring of your three major credit files (Equifax, Experian, and TransUnion), real-time alerts when suspicious activity is detected, identity theft insurance, and access to a dedicated support line if fraud is discovered. For individuals who would normally pay $150 to $200 annually for such monitoring, this benefit alone can save significant money over multiple years.
To activate the credit monitoring, eligible individuals must register through the settlement website and provide their personal information to the claims administrator. Upon registration, you’ll receive credentials to access the monitoring portal and set up your alerts and preferences. If fraudulent activity is detected during the monitoring period, the service typically provides guidance on next steps and may offer assistance in disputing unauthorized accounts. This creates a valuable safety net during the years when identity theft risk is highest following a data breach.
Lessons From the Evolve Bank Breach and Future Data Protection
The Evolve Bank incident highlights the persistent vulnerability created by social engineering attacks targeting bank employees. Even as organizations invest heavily in network security, firewalls, and encryption, a single employee clicking a malicious link can bypass layers of technical protection. The fact that LockBit specifically targeted banking infrastructure underscores that financial institutions remain high-value targets for criminal organizations seeking leverage and ransom opportunities.
This settlement also reflects evolving legal standards around what constitutes adequate compensation for data breach harm. Rather than requiring customers to prove dollar-for-dollar losses, the flat payment option acknowledges the inherent risk and inconvenience of having financial credentials exposed, even when no funds are actually stolen. Future settlements will likely continue this trend of offering tiered compensation that balances the needs of heavily affected individuals with baseline compensation for the broader population.
Conclusion
The Evolve Bank and Trust settlement resolves the legal claims arising from one of 2024’s most significant banking breaches. With 18 million individuals affected and $11.85 million in total compensation approved, eligible class members can claim payments up to $3,000 with documented losses or receive a flat $20 payment, plus access to complimentary credit monitoring services. Judge Sheryl H.
Lipman’s December 2025 approval concluded a settlement process that lasted approximately 18 months following the June 2024 public disclosure. If you were affected by this breach, the critical action is to register for the credit monitoring services through evolvesettlement.com to protect yourself going forward. Those who missed the October 30, 2025, claim deadline are no longer eligible for cash payments but can still access the monitoring benefit. For anyone who experienced documented fraud as a result of the breach and missed the claim deadline, consulting with a personal injury attorney about individual legal options outside this settlement may be worthwhile, as recovery costs and lost time can be substantial.