The Landmark Admin data breach settlement represents one of the largest insurance-related data compromise cases in recent years, with a $6 million settlement fund established to compensate victims of a significant 2024 breach affecting up to 1.6 million Americans. The breach, which occurred between May 13 and June 17, 2024, exposed sensitive personal information including Social Security numbers, financial account details, driver’s license numbers, and health insurance data. The settlement agreement was finalized on January 29, 2026, in the District Court for Dallas County, Texas, in the case Newson, et al. v. Landmark Admin, LLC, et al.
(Case No. DC-25-07674). The settlement involved six insurance companies that relied on Landmark Admin to process their data: Accendo Insurance, American Benefit Life Insurance, American Monumental Life Insurance, Capitol Life Insurance, Continental Mutual Insurance, and Liberty Bankers Life Insurance. While these companies were named as defendants, they share responsibility for the data protection failures that allowed the breach to occur. The $6 million settlement fund was designed to provide restitution to affected individuals, though the actual per-person payout varies significantly depending on whether victims could document losses from identity theft or fraud.
Table of Contents
- Who Was Affected by the Landmark Admin Data Breach?
- What Information Was Compromised in the Data Breach?
- How Much Compensation Could Victims Receive?
- How to File a Claim and the Critical Deadline Issue
- What Happened to Unclaimed Settlement Funds?
- Understanding the Defendants and Their Liability
- What This Breach Reveals About Data Security Practices in Insurance
Who Was Affected by the Landmark Admin Data Breach?
The breach impacted an estimated 1.6 million Americans whose personal information was stored in Landmark Admin’s systems. The two-month exposure window—from May 13 through June 17, 2024—gave bad actors a substantial period to potentially access and use the compromised data. The types of information exposed were among the most sensitive categories, making victims particularly vulnerable to identity theft and financial fraud.
Names alone would be useless; the combination of names with social Security numbers, financial account details, and driver’s license information created the perfect toolkit for criminals to commit fraud or steal identities. The six insurance companies affected issued notifications to their policyholders, though the timing and clarity of these notifications varied. Some victims discovered the breach through official company communications, while others learned about it only when applying for credit or checking their credit reports. The geographic scope was national—there was no regional limitation to the breach, meaning residents from every state potentially had their data compromised.
What Information Was Compromised in the Data Breach?
The Landmark Admin breach exposed a comprehensive set of personal identifiers and financial information that cybersecurity experts consider among the highest-risk categories for identity theft. The compromised data included full names, Social Security numbers, financial account information, driver’s license numbers, and health insurance data. This combination is particularly dangerous because it provides identity thieves with multiple verification points—they can confirm someone’s identity using the driver’s license number, prove access to their accounts using the insurance information, and potentially access financial accounts using the account details.
A critical limitation of the settlement is that it does not include credit monitoring services or identity theft protection for all affected individuals—only those who filed claims within the deadline window could pursue compensation. For comparison, many large data breaches in recent years have included multi-year credit monitoring as part of the settlement package. In this case, victims had to rely on their own vigilance to monitor accounts and detect fraudulent activity. Those who failed to file claims before the December 26, 2025 deadline lost the opportunity to claim compensation, even if they later discovered identity theft losses.
How Much Compensation Could Victims Receive?
The settlement established a two-tier compensation structure designed to provide different levels of restitution based on the documentation available from claimants. Those who could provide proof of actual identity theft or fraud losses—such as fraudulent charges, unauthorized accounts opened in their name, or other documented financial harm—could claim up to $2,500 from the settlement fund. This tier incentivized victims to dig into their financial records and account statements to document any fraud, though gathering this evidence required time and effort that many victims were unwilling to invest.
For claimants who could not or chose not to provide documentation of losses, a flat $30 payment was available. While this amount appears modest, it represents the settlement administrator’s acknowledgment that even those without documented fraud suffered harm from the breach itself—potential exposure, stress, and the time spent protecting themselves against future fraud. However, the difference between the maximum payout and the flat payment is substantial: a claimant with $2,000 in documented losses would receive $2,500, while someone who suffered the same $2,000 in losses but failed to gather documentation would receive only $30. This structure placed the burden on victims to be proactive and thorough in their evidence gathering.
How to File a Claim and the Critical Deadline Issue
The settlement was administered through the official website LandmarkDataSettlement.com, where affected individuals could submit claims and find detailed instructions about the process. The settlement administratorsettlement administrator[contact via the official settlement website] provided support for those who preferred to file claims by telephone or needed clarification about documentation requirements. However, there is an important timing consideration that current readers must understand: the claim filing deadline was December 26, 2025, at 11:59:59 PM Central Time, which has already passed as of April 2026. This means the claims period is now closed, and victims who did not file claims by that deadline cannot recover compensation from this settlement fund.
For those who received notification about the settlement but missed the deadline, there are limited options. Some states have periods after the main deadline during which late claims may be accepted if the claimant can provide a valid reason for the delay, though these are rare and usually require strong justification. Individuals who believe they have a valid reason for late filing should contact the settlement administrator directly at the phone number above to inquire about any late-claim procedures. As a comparison, many settlements extend their deadlines by 30 to 60 days beyond the primary deadline for good cause, but such extensions are not guaranteed and depend entirely on the settlement agreement’s specific terms.
What Happened to Unclaimed Settlement Funds?
One of the least-understood aspects of class action settlements is the fate of money that remains unclaimed after the deadline passes. In the Landmark Admin settlement, any funds not distributed to claimants typically revert to the defendants or are distributed to cy pres beneficiaries—charitable organizations related to the harm at issue. This practice means that settlement funds can potentially go unused if claim rates are low. Research on major data breach settlements shows that claim rates typically range from 5% to 30%, depending on how clearly victims understand their eligibility and how easily they can access the claims process.
A significant limitation of this settlement structure is that victims who were unaware of the breach or the settlement opportunity could not access compensation. Some victims might have ignored breach notification emails, believing them to be phishing attempts or spam. Others may have moved, changed email addresses, or simply missed the communications about the settlement. Unlike some state-mandated claim processes where funds are automatically distributed through tax refunds or other mechanisms, this settlement required affirmative action from each victim. This placed the burden entirely on individuals to discover the breach, understand their eligibility, gather documentation, and submit claims within a compressed timeframe.
Understanding the Defendants and Their Liability
The six insurance companies named in the settlement—Accendo Insurance, American Benefit Life Insurance, American Monumental Life Insurance, Capitol Life Insurance, Continental Mutual Insurance, and Liberty Bankers Life Insurance—all outsourced their data processing to Landmark Admin. While Landmark Admin was the entity that actually experienced the breach, the insurance companies were included as defendants because they failed in their duty to ensure that third-party vendors properly protected customer data.
This reflects an important principle in data protection law: companies remain liable for the security practices of vendors they hire, regardless of which entity actually stored the data. The settlement does not indicate that any of the defendants admitted liability or wrongdoing; it is a settlement agreement that allows all parties to avoid the costs and risks of continued litigation. In this type of settlement, the insurance companies and Landmark Admin can still maintain that they took reasonable security precautions while agreeing to compensate victims as a practical resolution to the dispute.
What This Breach Reveals About Data Security Practices in Insurance
The Landmark Admin breach highlights a critical vulnerability in the insurance industry’s data infrastructure: the reliance on third-party administrators to handle sensitive personal information with minimal oversight mechanisms that would be visible to consumers. Insurance companies often outsource policy administration, claims processing, and customer data management to firms like Landmark Admin, reducing operational costs but concentrating risk. A two-month breach window suggests that the security monitoring systems—if they existed—failed to detect unauthorized access quickly.
In modern cybersecurity, detection time is measured in hours or days; a two-month gap indicates either absent monitoring or monitoring systems that generated alerts that were not acted upon promptly. Future breaches may prompt regulatory changes requiring insurance companies and their vendors to implement more rigorous security standards, faster breach detection, and mandatory cyber insurance. The fact that this settlement occurred at a significant cost to the defendants may incentivize industry-wide improvements in third-party vendor management.
You Might Also Like
- EyeMed $5 Million Vision Insurance Data Breach Class Action Settlement
- Varsity Brands $1.1 Million Data Breach Class Action Settlement
- Tri Counties Bank $1.185 Million Data Breach Class Action Settlement
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: