Granite Wellness Centers, a network of drug addiction treatment facilities in Northern California, suffered a significant data breach on January 5, 2021, that exposed personal information for approximately 15,600 individuals. A proposed $725,000 class action settlement has been reached to compensate affected people for the breach, with valid claimants eligible to receive an estimated $750 in pro-rata payments, plus up to $5,000 in reimbursement for documented out-of-pocket losses related to the breach.
The breach exposed sensitive personal and health information including names, birth dates, addresses, Social Security numbers, driver’s license numbers, bank account numbers, medical histories, and insurance details. The breach was discovered through a ransomware attack that compromised Granite Wellness Centers’ computer systems. The settlement, administered by Angeion Group, represents one of several data breach settlements affecting healthcare and addiction treatment providers in California, where state law provides additional statutory compensation for residents.
Table of Contents
- What Data Was Exposed in the Granite Wellness Centers Breach?
- Settlement Payment Structure and Compensation Options
- Who Is Eligible to Claim Compensation?
- How to File Your Claim Before the April 27, 2026 Deadline
- Important Deadlines and Limitations of the Settlement
- What Recovery Options Are Available for Your Specific Losses
- Common Questions About the Granite Wellness Centers Settlement
What Data Was Exposed in the Granite Wellness Centers Breach?
The January 5, 2021 ransomware attack on Granite Wellness Centers exposed a comprehensive collection of personal identifiers and sensitive health information. The breached data included names, dates of birth, home addresses, Social Security numbers, driver’s license numbers, and financial information such as bank account details. Additionally, the compromise included protected health information (PHI) including medical histories, diagnoses, treatment records, and insurance information—data particularly sensitive for individuals seeking addiction treatment services. The breadth of exposed information represents a significant privacy violation because it provided attackers with the tools necessary for identity theft, financial fraud, and targeted phishing attacks.
For comparison, other healthcare data breaches that year exposed fewer data categories—some breaches involved only names and Social Security numbers, or health records without financial data. The combination of full identifying information plus medical and insurance details creates a higher-risk scenario for affected individuals, as criminals could potentially use the health information to target specific insurance benefits or impersonate individuals for fraudulent medical claims. The exposure of addiction treatment records creates an additional dimension of harm beyond typical identity theft risk. Individuals in addiction recovery programs face particular vulnerability to discrimination and stigma if their treatment histories become public or are used for unauthorized purposes. The settlement recognizes this elevated harm by providing additional compensation pathways beyond the standard pro-rata payment.
Settlement Payment Structure and Compensation Options
The $725,000 settlement fund is distributed through multiple payment pathways depending on the nature and extent of an individual claimant’s losses. All eligible class members receive a pro-rata share of the settlement, estimated at approximately $750 per person, provided the claim is valid and the fund is not exhausted by higher-priority reimbursement claims. This baseline payment requires only proof of class membership and does not require documentation of actual losses. In addition to pro-rata payments, claimants who experienced documented out-of-pocket losses from the data breach can submit claims for reimbursement of those losses up to $5,000. Examples of compensable losses include credit monitoring service purchases, credit freezes, fees for identity theft recovery services, costs of correcting credit reports, or financial losses from unauthorized account activity directly tied to the breach.
This reimbursement pathway rewards claimants who took protective action following the breach and provides compensation proportional to actual harm incurred. California residents who are class members receive an additional $100 statutory cash payment, subject to proration. This extra compensation reflects California’s state law providing enhanced privacy protections and statutory damages for data breaches. A limitation to understand is that all payments are subject to proration, meaning if the number of valid claims exceeds what the settlement fund can fully cover at the stated per-claimant amount, all payouts will be reduced proportionally. The settlement cap of $725,000 means there is a ceiling on total compensation available, unlike some settlements that are structured as “uncapped” guarantees.
Who Is Eligible to Claim Compensation?
Eligibility for the Granite Wellness Centers settlement extends to any individual whose personal information was exposed in the January 5, 2021 data breach. The primary evidence of eligibility is class membership, which can be established through various means such as receiving a breach notification letter, having records with Granite Wellness Centers as a patient, or being able to verify that your personal information was contained in the breached database. The settlement does not limit eligibility based on the type of information exposed—all 15,600 potentially affected individuals are considered class members. Different compensation tiers apply based on residency and documented losses. All eligible class members qualify for the pro-rata payment estimated at $750.
However, only those who can document specific out-of-pocket losses are eligible for the reimbursement tier (up to $5,000), and only California residents are eligible for the additional $100 statutory payment. This means that the maximum possible recovery under the settlement varies by individual circumstances: a California resident with significant documented losses could potentially receive $750 (pro-rata) + $5,000 (reimbursement) + $100 (statutory) = $5,850, whereas a non-California resident without documented losses would receive only the $750 pro-rata payment. A key limitation is that eligibility is not automatic—you must actively submit a claim to receive compensation. Simply being part of the affected population does not guarantee payment without filing. Class members who do not submit a claim by the April 27, 2026 deadline will forfeit their right to compensation from this settlement.
How to File Your Claim Before the April 27, 2026 Deadline
Filing a claim for the Granite Wellness Centers settlement begins with accessing the official settlement website (granitewellnessdatasettlement.com), where claim forms and instructions are provided by the settlement administrator, Angeion Group. The basic process requires submitting your personal information to establish class membership and selecting which compensation tier(s) you wish to claim. For the pro-rata payment, you need only establish that you are a class member—documentation of actual losses is not required for this baseline compensation. If you are claiming reimbursement for out-of-pocket losses up to $5,000, you will need to provide documentation supporting those claims. This might include receipts for credit monitoring services purchased after the breach, credit freeze confirmation letters, invoices for identity theft recovery services, or bank statements showing unauthorized charges that were subsequently reversed.
Keep copies of all documentation and organize it by category (identity theft recovery services, credit monitoring, etc.) before submitting your claim, as the process typically requires itemizing each loss category and providing supporting proof. The critical deadline is April 27, 2026, by which all claim forms and supporting documentation must be received by the settlement administrator. Claims submitted after this date are generally not accepted, and you forfeit your right to compensation. The final fairness hearing is scheduled for April 28, 2026, just one day after the claim deadline. This tight timeline means you should prioritize filing well in advance of the April 27 deadline rather than waiting until the last moment, as technical issues or documentation gaps discovered near the deadline may prevent successful claim submission.
Important Deadlines and Limitations of the Settlement
Three critical deadlines govern participation in and receipt of compensation from this settlement. The first deadline, March 28, 2026, is the opt-out deadline, which is the last day you can exclude yourself from the settlement if you wish to pursue your own legal action against Granite Wellness Centers. The second deadline, April 27, 2026, is the claim submission deadline—the absolute final date for submitting your claim form and any supporting documentation to the settlement administrator. The third date, April 28, 2026, is the final fairness hearing before the court, when the judge will consider final approval of the settlement. Understanding these deadlines is essential because missing the April 27 claim deadline eliminates your ability to receive compensation from this settlement entirely.
Unlike some settlements that have extended claim periods or reopenings, this settlement has a fixed deadline. The opt-out deadline of March 28, 2026 has already passed as of the current date (April 9, 2026), meaning if you have not already opted out, you are bound by the settlement’s terms and are precluded from filing individual lawsuits against Granite Wellness Centers for this data breach. A significant limitation of this settlement is that the $725,000 total fund is subject to deductions for attorneys’ fees (up to 33.33% of the fund, or approximately $242,000) and claim administration costs. This means the amount actually available for claimant compensation is substantially less than the headline settlement figure. Additionally, all payments are subject to proration—if claims exceed the remaining settlement funds, each payment will be reduced proportionally. Class members should be aware that receiving the estimated $750 pro-rata payment assumes a certain level of claim volume; if significantly more individuals file claims than anticipated, the actual per-person payment could be lower than estimated.
What Recovery Options Are Available for Your Specific Losses
The settlement provides three separate compensation pathways to address different types of harm caused by the breach. The first pathway is the pro-rata cash payment (approximately $750), available to all class members without requiring proof of specific losses. This payment acknowledges the inherent risk and inconvenience created by having personal and health information exposed, regardless of whether you have yet experienced actual financial harm. For many claimants, this represents compensation for the time spent monitoring accounts, the stress of potential identity theft risk, and the value of their personal information exposed. The second pathway is loss reimbursement up to $5,000, which compensates individuals who took protective action or who suffered quantifiable financial losses directly attributable to the breach.
Compensable expenses typically include credit monitoring services subscribed to after the breach date, identity theft protection services, costs of placing security freezes on credit files, fees charged by credit bureaus for fraud disputes, or financial losses from unauthorized account activity that was subsequently recovered. For example, if you discovered fraudulent charges on a credit card and had to pay disputed amounts while the fraud was being investigated, those costs would qualify for reimbursement. The third pathway available to California residents is the $100 statutory cash payment, reflecting California’s strong data privacy laws that provide statutory damages separate from actual documented losses. A practical consideration is that you may claim multiple pathways simultaneously—you can receive the pro-rata payment and also submit a reimbursement claim for documented losses, and if you are a California resident, you also qualify for the $100 statutory payment. However, each pathway has different evidentiary requirements, with the pro-rata payment requiring no documentation and the reimbursement pathway requiring specific receipts or records.
Common Questions About the Granite Wellness Centers Settlement
Many class members wonder whether they should claim all available compensation pathways or whether claiming one disqualifies them from others. The answer is that the settlement structure allows you to claim multiple compensation tiers simultaneously—there is no “choose one” limitation. You can submit a claim for the pro-rata payment, include documentation of out-of-pocket losses for reimbursement consideration, and if you are a California resident, also claim the statutory payment. Submit whichever documentation you have available; the settlement administrator will evaluate each component of your claim separately. Another common question concerns documentation requirements and what counts as proof of loss. While specific documentation standards are detailed on the official settlement website, generally the settlement administrator accepts receipts, credit card statements showing charges, bank statements showing fraudulent transactions, invoices from credit monitoring or identity theft services, and similar documentary evidence.
If you do not have original receipts, you can typically submit bank or credit card statements showing the charge, or affidavits describing the loss if documentation has been lost. The key is providing credible evidence linking the loss to the data breach and documenting the amount. People also ask whether they should wait to file until after the final fairness hearing on April 28, 2026. The answer is no—you must submit your complete claim, including all documentation, before the April 27, 2026 deadline. The fairness hearing is the judge’s formal approval of the settlement terms and claims process, not an opportunity for late claims or appeals of rejected claims. Waiting for the hearing date offers no advantage and creates substantial risk that you will miss the deadline.
You Might Also Like
- Varsity Brands $1.1 Million Data Breach Class Action Settlement
- Tri Counties Bank $1.185 Million Data Breach Class Action Settlement
- T-Mobile $350 Million Customer Data Breach Class Action Settlement
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: