Employee information for approximately 376,943 individuals was exposed in a March 10, 2024 ransomware attack on Complete Payroll Solutions, a payroll processing and HR services provider. The breach compromised sensitive personal data including names, Social Security numbers, driver’s license numbers, financial account information, and health insurance records. A $2.6 million class action settlement has been established to compensate affected employees, with the case name Dunn, et al. v.
Complete Payroll Solutions, LLC. The settlement offers multiple forms of compensation to eligible claimants. Those who have been notified of the breach and can verify their exposure are entitled to receive an estimated $100 cash payment (which may increase or decrease based on the number of claims filed), plus three years of comprehensive credit monitoring and identity theft protection services valued at $1 million in insurance coverage. Additionally, individuals who experienced documented out-of-pocket losses related to the breach can seek reimbursement of up to $5,000 through the settlement. The claim deadline is June 18, 2026.
Table of Contents
- What Personal Information Was Exposed in the Complete Payroll Solutions Data Breach?
- How Complete Payroll Solutions’ Breach Exposes the Vulnerability of Centralized Payroll Data
- What Does the $2.6 Million Settlement Cover?
- How to File a Claim Before the June 18, 2026 Deadline
- Identity Theft Risks and the Three-Year Credit Monitoring Benefit
- Documenting Losses and Claiming the Up-to-$5,000 Reimbursement
- What This Breach Reveals About Payroll Industry Data Security
- Conclusion
What Personal Information Was Exposed in the Complete Payroll Solutions Data Breach?
The March 2024 ransomware attack on Complete Payroll Solutions exposed a substantial range of sensitive employee information. The compromised data included names, Social Security numbers, driver’s license numbers, financial account information, and health insurance data. This combination of information is particularly dangerous because it provides attackers with everything needed to commit identity theft, open fraudulent accounts, or file false tax returns. Unlike breaches that only expose email addresses or partial credit card numbers, this incident exposed the core identity documents that are required for most financial fraud schemes.
The scope of the breach is significant in scale. With 376,943 affected individuals, this represents one of the larger payroll-sector data breaches in recent years. For comparison, payroll companies are targeted frequently by cybercriminals because they maintain comprehensive employee databases that contain both personal identifying information and financial details. The concentration of sensitive data in a single breached system created a particularly high-risk situation for those affected. All individuals who worked with companies using Complete Payroll Solutions during the exposure period should have received breach notification letters detailing what information was compromised.
How Complete Payroll Solutions’ Breach Exposes the Vulnerability of Centralized Payroll Data
payroll processing companies like Complete Payroll Solutions serve as centralized repositories for employee information across multiple client companies. This business model creates an attractive target for ransomware operators because one successful attack can expose the data of thousands of employees across dozens of organizations simultaneously. The March 2024 attack demonstrates this risk clearly—a single incident at one vendor affected employees from many different industries and company sizes.
The limitation of centralized payroll systems is that individual employees have limited visibility into their security posture. When your payroll information is stored with a third-party provider, you cannot control their security practices, backup procedures, or incident response protocols. You must trust that the company has implemented appropriate safeguards, which in this case proved insufficient to prevent the ransomware attack. This represents a fundamental tradeoff: payroll outsourcing offers efficiency and cost savings for employers, but concentrates personal data risk in a single third-party vendor.
What Does the $2.6 Million Settlement Cover?
The $2.6 million settlement in Dunn, et al. v. Complete Payroll Solutions, LLC was established to address the harm caused by the data breach. The settlement distributes compensation in multiple categories rather than as a single lump sum. The primary cash payment to each claimant is estimated at approximately $100, though this amount may increase if fewer people file claims or decrease if claim volume is higher than anticipated.
This cash component is intended to compensate for inconvenience, time spent monitoring credit reports, and general harm from the breach. Beyond the cash payment, the settlement includes three years of credit monitoring and identity theft protection services. These services include one-bureau credit monitoring, dark web monitoring to detect if your stolen information is being sold online, $1 million in identity theft insurance, and fully managed identity recovery services if fraud does occur. For individuals who want additional assurance, the settlement also provides a mechanism to claim documented losses. If you experienced out-of-pocket expenses directly related to the breach—such as credit freezes, credit report disputes, or costs associated with fraudulent charges—you can submit documentation of these losses for reimbursement of up to $5,000 per claimant.
How to File a Claim Before the June 18, 2026 Deadline
The claim filing process for the Complete Payroll Solutions settlement is administered through CPSSettlement.com, the official settlement website. To file a claim, you will need to visit this website and provide information to establish that you were affected by the breach. You should have received a breach notification letter from Complete Payroll Solutions or from the company that employed you and used their payroll services; this letter will contain information about the settlement and the claims process. The deadline to file a claim is June 18, 2026, which means you have limited time to take action.
Do not delay in submitting your claim, as late claims may be rejected even if you are otherwise eligible. The claims process typically requires you to provide your name, Social Security number, and other identifying information to verify that you are indeed an affected individual. Once your claim is approved, the settlement administrator will process your payment. The cash payment will be distributed to eligible claimants in a distribution that occurs after all claims are finalized and the court approves the final settlement terms.
Identity Theft Risks and the Three-Year Credit Monitoring Benefit
The data exposed in the Complete Payroll Solutions breach—particularly Social Security numbers and financial account information—creates an elevated risk of identity theft that extends well beyond the initial breach incident. Identity thieves may hold stolen data for months or even years before attempting to use it, which is why the settlement includes three years of credit monitoring rather than just 12 months. This extended timeline reflects the realistic window during which fraud risk remains elevated. A critical limitation to understand is that credit monitoring services, while valuable, are reactive rather than preventive.
Credit monitoring alerts you after suspicious activity has been detected, not before. If a fraudster opens a credit card in your name, the credit monitoring service will eventually alert you to the new account, but the damage to your credit score and your time spent disputing the fraudulent account is already done. The $1 million identity theft insurance included in the settlement helps cover costs associated with recovery, but there is no guarantee of complete reimbursement for all fraud-related losses. Additionally, credit monitoring services typically monitor one credit bureau (Equifax, Experian, or TransUnion), so monitoring all three bureaus would require additional paid subscriptions.
Documenting Losses and Claiming the Up-to-$5,000 Reimbursement
If you experienced direct financial losses related to the Complete Payroll Solutions breach, the settlement allows you to claim reimbursement of up to $5,000 for documented out-of-pocket expenses. Eligible expenses include costs directly attributable to the breach, such as fees paid to place a credit freeze, costs associated with credit report disputes, time spent addressing fraudulent charges, or other expenses incurred as a direct result of the breach. To claim documented losses, you will need to submit receipts, invoices, or other documentation showing the expense and proving it was breach-related.
For example, if you paid $50 to a credit repair service to help dispute fraudulent accounts opened in your name, you could include the invoice and any communications showing the fraud was related to the breach. The settlement administrator will review these claims and approve reimbursement up to the $5,000 cap per claimant. Keep in mind that reimbursement is limited to direct expenses; you cannot claim compensation for time spent managing the situation or general stress caused by the breach.
What This Breach Reveals About Payroll Industry Data Security
The Complete Payroll Solutions breach highlights ongoing vulnerabilities in how payroll processing companies protect sensitive employee data. Despite years of high-profile breaches targeting similar vendors, ransomware attacks continue to succeed against companies that hold concentrated pools of personal information. This suggests that either security investments have not kept pace with evolving threats, or that some companies have deprioritized security relative to other operational costs.
Looking forward, employees should recognize that using a payroll service provider means your data is protected by that company’s security practices, not your own. This creates an incentive to ask your employer what security standards their payroll provider maintains, whether they conduct regular security audits, and whether they carry cyber liability insurance. The settlement and credit monitoring benefits provide a financial safety net, but preventing the breach in the first place would have been far more valuable to the 376,943 affected individuals. Complete Payroll Solutions agreed to the settlement without admitting wrongdoing, which is typical in data breach settlements, but the settlement remains an acknowledgment that harm occurred and compensation is warranted.
Conclusion
The Complete Payroll Solutions data breach exposed the personal information of approximately 376,943 employees through a March 2024 ransomware attack. The resulting $2.6 million settlement provides affected individuals with an estimated $100 cash payment, three years of comprehensive credit monitoring with identity theft insurance, and up to $5,000 in reimbursement for documented losses. The settlement addresses exposure of names, Social Security numbers, driver’s license numbers, financial account information, and health insurance data—all information that creates significant identity theft risk.
If you were notified of your exposure in the Complete Payroll Solutions breach, you have until June 18, 2026 to file a claim through CPSSettlement.com. Take action now to secure your portion of the settlement, enroll in the credit monitoring services, and document any losses you have already incurred. While no settlement can fully undo the risk created by a data breach, these benefits provide meaningful financial compensation and protective services during the critical three-year period when identity theft risk is highest.
You Might Also Like
- Fidelity Investments Data Breach Settlement Covers Customers Whose Information Was Exposed
- Kaiser Privacy Settlement Claims Patient Website Data Was Shared With Third Parties
- Capital Health Data Breach Settlement Resolves Claims Over Hospital Cyberattack
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: