The Heartland Alliance data breach class action settlement resolves a lawsuit filed on behalf of approximately 46,694 individuals whose sensitive personal information was exposed in a December 2022 data breach. The settlement, valued at $300,000, was reached in the case Wittmeyer, et al. v. Heartland Alliance for Human Needs & Human Rights and related entities in the Circuit Court for Lake County, Illinois.
If you received a breach notification from Heartland Alliance in December 2022, this settlement may provide compensation for the exposure of your Social Security number, driver’s license number, bank account information, or medical records. The breach exposed highly sensitive data that puts victims at significant risk of identity theft and fraud. A person affected by this breach might have had their Social Security number and banking information compromised, making them vulnerable to fraudulent accounts and unauthorized financial transactions for years to come. Understanding your rights in this settlement and the deadline for filing a claim is essential if you were among those notified.
Table of Contents
- What Was the Heartland Alliance Data Breach and Who Was Affected?
- How Much Settlement Money Is Available and How Is It Distributed?
- What Personal Information Was Exposed and What Are the Risks?
- Important Deadlines for Filing Your Claim
- How to File Your Claim and What Documentation Is Required
- Case Details and the Legal Settlement Process
- Protecting Yourself After a Data Breach and Future Considerations
What Was the Heartland Alliance Data Breach and Who Was Affected?
On December 15, 2022, Heartland Alliance discovered that its systems had been breached. The breach notification was sent to affected individuals on December 21, 2022. The breach impacted multiple entities within the Heartland Alliance network, including Heartland Alliance for Human Needs & Human Rights, Heartland Alliance health, Heartland Alliance International, LLC, Heartland Housing, Inc., and Heartland Human Care Services, Inc.
A total of 46,694 individuals were reported to have had their personal information compromised. The exposed data included names, dates of birth, Social Security numbers, driver’s license numbers, bank account numbers, and medical or health information. For many victims, this combination of data creates an elevated risk profile—someone with your Social Security number and banking details can potentially drain accounts or open fraudulent credit lines in your name. The inclusion of medical information means that health privacy was also violated, which has implications for health insurance fraud and discriminatory use of health data.
How Much Settlement Money Is Available and How Is It Distributed?
The settlement amount totals $300,000 to compensate the affected class members. This pool must cover all approved claims, attorney fees, administrative costs, and court-approved payments. The amount available per individual claim depends on the number of valid claims submitted and the specific circumstances of each claimant’s exposure.
A critical limitation of this settlement is that the $300,000 fund must be divided among potentially thousands of claimants. If 46,694 people were affected and all filed valid claims, each person might receive only a small amount—potentially $6 to $10 per person before expenses are deducted. In practice, not all affected individuals file claims, so the per-claim amount may be slightly higher, but claimants should not expect substantial compensation. The settlement does not require Heartland Alliance to admit wrongdoing, which is typical in most data breach class action settlements but leaves the underlying security failures unaddressed.
What Personal Information Was Exposed and What Are the Risks?
The breach exposed a comprehensive set of identifying and financial information: names, dates of birth, Social Security numbers, driver’s license numbers, bank account numbers, and medical or health information. This combination creates multiple pathways for fraud and identity theft that can persist for years. With a Social Security number and date of birth, a criminal can file a fraudulent tax return to claim a refund, potentially stealing thousands of dollars before the victim becomes aware.
Bank account information can be used to initiate unauthorized wire transfers or set up fraudulent ACH payments. Driver’s license numbers combined with other personal data can help identity theft in rental applications, loan applications, or other transactions. The inclusion of medical records presents an additional concern: stolen health information could be used to file fraudulent insurance claims, obtain prescriptions, or sell the data on black markets where healthcare providers or unscrupulous actors might use it.
Important Deadlines for Filing Your Claim
If you were affected by this breach, there are three critical dates you must be aware of. The objection and exclusion deadline is September 30, 2025—this is the last day to file an objection to the settlement or exclude yourself from the class. The claims submission deadline is October 30, 2025, which is when all claim forms must be received to be considered valid. The final approval hearing is scheduled for November 19, 2025.
Missing the claims deadline will cost you your opportunity to receive any settlement compensation. Unlike some other legal proceedings, data breach settlements typically have strict deadlines with no exceptions for late filings. If you received a breach notification from Heartland Alliance, locate that notification letter now to confirm you have the correct case information, then visit the official settlement website to submit your claim before October 30, 2025. Even a small settlement payment is better than no payment, and the filing process typically requires only basic information about your exposure.
How to File Your Claim and What Documentation Is Required
To claim compensation from this settlement, you will need to provide proof that you were affected by the breach. The settlement administrator will require you to submit a claim form with your personal information and documentation verifying that you received the breach notification. Most claims require either a copy of the notification letter you received in December 2022 or alternative proof that you were among the 46,694 individuals notified.
A limitation many claimants face is that the original breach notification letters are often discarded within months of receipt, and not everyone has retained documentation. If you cannot locate your original notification, check whether you still have the envelope, email message, or any other correspondence from Heartland Alliance dated around December 21, 2022. The settlement website provides instructions for submitting claims without the original notification in some cases, though this may require additional documentation or alternative proof of exposure. Contact the claims administrator if you have questions about your specific situation, as they can provide guidance on alternative forms of acceptable proof.
Case Details and the Legal Settlement Process
The case is formally known as Wittmeyer, et al. v. Heartland Alliance for Human Needs & Human Rights, Heartland Alliance Health, Heartland Alliance International, LLC, Heartland Housing, Inc., and Heartland Human Care Services, Inc., with case number 2025LA00000127, filed in the Circuit Court for Lake County, Illinois, Chancery Division.
The settlement was negotiated between the plaintiffs’ attorneys and Heartland Alliance’s legal representatives, resulting in a monetary payment that the defendants agreed to make without admitting to any negligence or wrongdoing. This type of settlement is common in data breach cases, where companies settle quickly to avoid prolonged litigation, even if they deny responsibility. The settlement does not require Heartland Alliance to implement specific security improvements, hire new security staff, or demonstrate that the vulnerability that led to the breach has been fixed. From a legal standpoint, this means the settlement provides money to victims but does not necessarily prevent similar breaches from occurring in the future if the same security gaps remain unaddressed.
Protecting Yourself After a Data Breach and Future Considerations
If your information was compromised in this breach, you should take immediate protective steps. Monitor your credit reports from all three bureaus (Equifax, Experian, and TransUnion) for unauthorized accounts or inquiries. Place a fraud alert on your credit file by contacting one of the three bureaus, which requires lenders to verify your identity before opening new accounts. Consider placing a credit freeze, which is stronger protection that blocks credit inquiries entirely unless you temporarily lift the freeze.
For the longer term, watch your bank and credit card statements carefully for unauthorized transactions, and consider identity theft protection services if you can afford them. Many data breach class actions include a settlement provision for identity theft insurance, but the Heartland Alliance settlement has not yet announced whether such services will be provided. Keep documentation of any fraudulent accounts or unauthorized transactions, as you may be able to dispute and recover from identity theft that occurs in the years following this breach. Federal law gives you rights to dispute fraudulent accounts and typically limits your liability, but catching fraud early significantly reduces the damage.
You Might Also Like
- Wilmington Community Clinic Data Breach Class Action Settlement
- UA Sprinkler Fitters Local 669 Data Breach Class Action Settlement
- Staten Island University Hospital Data Breach Class Action Settlement
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: