The American National Bank & Trust Data Incident Settlement resolves allegations that ANB&T failed to protect the sensitive personal information of approximately 52,977 individuals whose data was compromised during a cyberattack on January 21-22, 2025. The plaintiffs in Kelly Banner, et al. v. American National Bank & Trust claim the bank did not adequately secure its computer network, allowing cybercriminals to access files containing Social Security numbers, financial account details, medical information, and more.
ANB&T, for its part, disputes every allegation and denies any wrongdoing or liability in connection with the breach. If you received a written notification from ANB&T about the data incident, you may be eligible for up to $4,500 in documented loss reimbursement or a $50 alternative cash payment, plus one year of three-bureau credit monitoring and $1 million in identity theft insurance coverage. The claim filing deadline is April 21, 2026, and the official settlement website is anbtdatasettlement.com.
Table of Contents
- What Are the Allegations in the American National Bank & Trust Data Incident Settlement?
- What Data Was Exposed and Who Is Affected by the ANB&T Breach?
- How Did ANB&T Respond After Discovering the Breach?
- What Are Your Options for Filing a Claim or Opting Out?
- What Are the Limitations of This Settlement?
- How the ANB&T Settlement Compares to Other Recent Data Breach Cases
- What Should Affected Individuals Do Next?
- Frequently Asked Questions
What Are the Allegations in the American National Bank & Trust Data Incident Settlement?
The lawsuit, filed as case number DC30-CV2025-1068 in the 30th Judicial District Court for Wichita County, Texas, centers on a straightforward claim: that ANB&T did not implement adequate cybersecurity measures to protect customer data. According to the plaintiffs, this failure allowed unauthorized actors to infiltrate the bank‘s computer network over a two-day window in January 2025 and access files containing highly sensitive personal information. The exposed data included names, addresses, Social Security numbers, driver’s license and passport numbers, financial account and credit card numbers, medical and health insurance information, and dates of birth. That is an unusually broad range of compromised data categories for a single incident, which increases the potential for identity theft and fraud. To put this in perspective, many data breach settlements involve only one or two categories of exposed information, such as email addresses and passwords. When a breach exposes Social Security numbers alongside financial account numbers and medical records, the risk to affected individuals escalates significantly.
A stolen email address is an inconvenience. A stolen Social Security number paired with a date of birth and bank account number can be used to open fraudulent lines of credit, file false tax returns, or commit medical identity fraud. The plaintiffs argue that ANB&T had a duty to prevent exactly this kind of outcome and that the bank fell short. ANB&T has denied all of these allegations. The bank maintains that it did nothing wrong and bears no liability for the incident. This denial is standard in class action settlements — agreeing to settle does not mean a defendant admits fault. The settlement represents a compromise: the plaintiffs avoid the uncertainty and expense of a trial, and ANB&T resolves the litigation without an admission of wrongdoing.
What Data Was Exposed and Who Is Affected by the ANB&T Breach?
The scope of compromised information in this case is worth examining closely. According to the official settlement website and ANB&T’s own notice of security incident, the exposed data falls into several categories: personally identifiable information (names, addresses, dates of birth), government-issued identification numbers (Social Security numbers, driver’s licenses, passports, state IDs), financial data (account numbers, credit and debit card numbers), and medical data (medical information and health insurance details). Not every affected individual necessarily had all of these data types exposed — the specific information compromised varies from person to person depending on what ANB&T had on file. Approximately 52,977 individuals were affected.
you are a Settlement Class Member if you reside in the United States and were mailed a written notification by ANB&T informing you that your private information was potentially accessed, viewed, or obtained as a result of the January 21, 2025, data incident. If you did not receive such a notification, you are likely not part of the settlement class, even if you are an ANB&T customer. However, if you believe your information was compromised but you did not receive a letter — perhaps because you moved or the letter was lost in the mail — it may be worth contacting the settlement administrator through anbtdatasettlement.com to verify your eligibility. One important limitation: the settlement covers the specific January 2025 incident only. If your ANB&T data was compromised in any other context or through a different breach, this settlement does not apply to that situation.
How Did ANB&T Respond After Discovering the Breach?
According to ANB&T’s own public notice of security incident, the bank detected the unauthorized network access on or about January 21-22, 2025, and took several immediate steps. The bank secured its network to prevent further unauthorized access, notified law enforcement, and launched a forensic investigation to determine the scope of the intrusion. These are standard incident response measures that most organizations follow after discovering a breach, and they align with what regulators and cybersecurity frameworks generally recommend. For affected individuals, ANB&T sent written notifications disclosing the breach and the types of data that may have been compromised. This notification is what determines your eligibility for the settlement class.
As a practical example, if you received a letter from ANB&T sometime after January 2025 informing you that your personal information may have been accessed during a security incident, that letter is your proof of class membership. Hold onto it. You may need it when filing a claim, and it may also detail the specific types of your data that were affected. As part of the settlement, ANB&T has also agreed to implement and maintain various security-related improvements going forward. The specific nature of these improvements is not fully detailed in public documents, but this provision is intended to reduce the likelihood of a similar incident in the future. Whether these improvements are sufficient is something affected individuals cannot easily verify, which is a common frustration with data breach settlements.
What Are Your Options for Filing a Claim or Opting Out?
Settlement class members have three basic options, each with different tradeoffs. First, you can file a claim for documented losses of up to $4,500. This covers out-of-pocket expenses you incurred as a direct result of the data incident — things like fees for credit monitoring services you purchased, costs related to freezing or unfreezing your credit, bank fees from unauthorized transactions, or time spent dealing with identity theft. You will need documentation to support these claims, such as receipts, bank statements, or invoices. The more thorough your documentation, the stronger your claim. Second, if you do not have documented losses or do not want to go through the process of gathering documentation, you can submit a claim for the $50 alternative cash payment. This is a simpler option but obviously pays far less.
For someone who has not experienced any tangible harm from the breach, the $50 payment may be the most practical choice. For someone who spent hours on the phone with their bank disputing fraudulent charges, it would be worth the effort to document those losses and pursue the higher amount. Third, you can opt out of the settlement entirely. The opt-out deadline is March 23, 2026. Opting out preserves your right to file your own individual lawsuit against ANB&T, but it means you receive nothing from this settlement. This option generally only makes sense if you suffered significant, well-documented financial harm that exceeds what the settlement offers and you are prepared to hire an attorney and pursue litigation on your own. For most people, filing a claim within the settlement is the more practical path. All class members who do not opt out also receive one year of three-bureau credit monitoring and $1 million in identity theft insurance coverage, regardless of whether they file a claim for monetary compensation.
What Are the Limitations of This Settlement?
The $4,500 cap on documented losses is one notable limitation. For individuals who suffered extensive identity theft — new accounts opened in their name, fraudulent tax returns filed, months of credit repair — the actual costs can far exceed $4,500. Credit repair services alone can run hundreds of dollars per month, and the time lost dealing with identity theft is rarely fully compensated. The settlement does not account for future harm either. If your stolen data is used for fraud two years from now, this settlement will already be closed. The $50 alternative payment, while easy to claim, is modest by any measure.
Some data breach settlements offer higher flat payments, though $50 is within the range of what courts have approved in similar cases. The one year of credit monitoring is helpful but limited — identity thieves often sit on stolen data for years before using it. Once your complimentary monitoring period ends, you will need to decide whether to pay for continued monitoring or rely on other protective measures like credit freezes, which are free. Another practical concern: the $1 million identity theft insurance coverage sounds substantial, but insurance policies like this typically come with conditions, exclusions, and a claims process of their own. If you experience identity theft, the insurance may help cover certain losses, but it is not a guarantee of full reimbursement for every cost you might incur. Read the policy terms carefully when you receive them.
How the ANB&T Settlement Compares to Other Recent Data Breach Cases
Data breach settlements vary widely in their terms. Some large-scale breaches affecting millions of people — like the Equifax breach — resulted in settlements worth hundreds of millions of dollars but offered relatively modest per-person payouts. Smaller breaches affecting tens of thousands of people, like the ANB&T incident, sometimes offer higher per-person compensation because the settlement fund is divided among fewer claimants. The $4,500 documented loss cap and $50 alternative payment in the ANB&T settlement are competitive compared to many similar-sized cases.
The inclusion of both three-bureau credit monitoring and $1 million in identity theft insurance is also above average. Some settlements offer only single-bureau monitoring or no insurance component at all. The fact that the exposed data includes such a wide range of sensitive information — from Social Security numbers to medical records — likely influenced the terms. Settlements involving more sensitive data categories tend to offer more strong protective benefits.
What Should Affected Individuals Do Next?
If you received a notification letter from ANB&T, the most important step right now is to file your claim before the April 21, 2026, deadline. Visit anbtdatasettlement.com to submit your claim and review the full settlement terms. If you have documented out-of-pocket losses, gather that documentation now rather than waiting until the last minute.
Bank statements, receipts for credit monitoring services, and records of time spent dealing with fraud-related issues are all relevant. Beyond the settlement itself, consider placing a credit freeze with all three major credit bureaus — Equifax, Experian, and TransUnion — if you have not already done so. A credit freeze is free and prevents new accounts from being opened in your name. Given that Social Security numbers and financial account information were among the data exposed, ongoing vigilance is warranted well beyond the one-year credit monitoring window this settlement provides.
Frequently Asked Questions
How do I know if I am part of the ANB&T data breach settlement class?
You are a Settlement Class Member if you reside in the United States and received a written notification from ANB&T stating that your private information was potentially accessed during the January 21, 2025, data incident. If you are unsure whether you qualify, visit anbtdatasettlement.com for more information.
What is the deadline to file a claim in the ANB&T settlement?
The claim filing deadline is April 21, 2026. Claims submitted after this date will not be accepted.
Can I file a claim for both documented losses and the $50 alternative payment?
No. You must choose one or the other. If you have out-of-pocket expenses related to the breach, you can claim up to $4,500 with documentation. If you do not have documented losses, you can claim the $50 alternative cash payment instead.
What if I want to sue ANB&T on my own instead of participating in the settlement?
You must opt out of the settlement by March 23, 2026, to preserve your right to file an individual lawsuit. If you do not opt out, you are bound by the settlement terms and cannot sue separately over this incident.
Does ANB&T admit that it did anything wrong by settling this case?
No. ANB&T disputes the plaintiffs’ allegations and denies any wrongdoing or liability. The settlement is a compromise to resolve the litigation without a trial, which is standard practice in class action cases.
What kind of expenses qualify as documented losses under the settlement?
Out-of-pocket expenses directly related to the data incident may qualify, including costs for credit monitoring services, credit report fees, bank fees from unauthorized transactions, and expenses related to identity theft remediation. You will need receipts or other documentation to support your claim.