The Seven Counties Services Data Breach Class Action Settlement provides compensation to individuals affected by a phishing attack that compromised sensitive personal and medical information from July 19, 2024 to August 12, 2024. Seven Counties Services, a Louisville, Kentucky-based mental health and behavioral health provider established in 1978, experienced an email phishing attack that resulted in the exposure of names, dates of birth, Social Security numbers, addresses, phone numbers, email addresses, medical diagnoses, and dates of service for potentially thousands of individuals. The settlement, filed in Jefferson Circuit Court of Jefferson County, Kentucky (Case No.
24-CI-007516), offers affected individuals the opportunity to receive reimbursement for documented losses or a flat payment of $75, plus enrollment in credit monitoring and identity theft protection services at no cost. For someone receiving care at Seven Counties Services in mid-2024, this breach represents a significant privacy violation. If you received a breach notification letter dated October 3, 2024, you may be eligible to claim compensation by April 20, 2026. The settlement does not require proof of actual fraud or identity theft—you can claim the flat $75 payment simply by submitting a valid claim form, though those with documented out-of-pocket losses can seek reimbursement up to $5,000.
Table of Contents
- What Information Was Exposed in the Seven Counties Services Data Breach?
- Settlement Compensation and Available Benefits
- Settlement Claim Deadlines and Filing Process
- How to File Your Claim and Gather Supporting Documentation
- Important Limitations and Common Claim Denials
- Credit Monitoring and Identity Protection Services
- Long-Term Data Security Implications and Future Outlook
- Conclusion
What Information Was Exposed in the Seven Counties Services Data Breach?
The phishing attack targeted Seven Counties Services email accounts and resulted in unauthorized access to a wide range of sensitive personal and health information. The compromised data included full names, dates of birth, Social Security numbers, physical addresses, phone numbers, email addresses, mental health diagnoses, and dates of service. For individuals receiving behavioral health or mental health services, the exposure of diagnosis information alongside personal identifiers represents particularly sensitive exposure—this type of data could be used for targeted fraud or subject individuals to discrimination or embarrassment if misused.
The breach discovery occurred on August 12, 2024, when the IT team identified the phishing attack affecting employee email accounts. However, the actual breach period extended from July 19, 2024, meaning that for nearly four weeks, attackers had potential access to the information stored in those accounts. Seven Counties Services didn’t notify affected individuals until October 3, 2024—nearly two months after discovery. This notification delay meant that individuals had no way to proactively monitor their accounts or take protective measures during a critical window, a limitation of notification timing that applies to many data breaches.
Settlement Compensation and Available Benefits
The settlement offers three primary compensation options for affected individuals. The first and most accessible is a flat payment of $75, which requires only proof of membership in the affected class—essentially, evidence that you were a Seven Counties Services patient during the relevant period. The second option allows documented out-of-pocket losses up to $5,000, including expenses related to fraud or identity theft, professional fees for credit repair services, credit freeze costs, credit monitoring costs, and miscellaneous expenses directly resulting from the breach. The third benefit is enrollment in credit monitoring and identity theft protection services, which can be claimed in addition to either of the monetary compensation options.
For those with documented losses, reimbursement up to $5,000 can cover a range of concrete expenses. If you hired a credit repair service to correct fraudulent accounts, paid for expedited credit freezes across multiple bureaus, or incurred professional fees to resolve identity theft issues, these can be claimed. However, there’s a practical limitation: you must submit documentation proving these expenses—receipts, invoices, or statements showing payment. Simply having concerns about potential fraud without documented losses doesn’t qualify for the higher reimbursement tier, so the $75 flat payment becomes the default option for most claimants who cannot produce detailed expense records.
Settlement Claim Deadlines and Filing Process
The claim deadline for the Seven counties Services settlement is April 20, 2026, with claim forms required to be submitted online or postmarked by this date. This deadline matters significantly—missing it means losing eligibility entirely. As of now, you have approximately 11 months to gather documentation and submit your claim. The settlement administrator, Angeion Group, manages the claims process through the official settlement website at scssettlement.com.
To file a claim, you must access the claim form through the settlement website or request it directly from Angeion Group. The form requires basic identification information to establish your membership in the affected class, and if you’re seeking reimbursement for documented losses, you’ll need to attach copies of supporting documentation. One important consideration: submitting your claim online is faster and provides immediate confirmation, while mailing a postmarked form creates a paper trail but leaves room for postal delays or lost mail. The online submission option eliminates uncertainty about whether your claim will arrive before the deadline, making it the less risky choice for most people.
How to File Your Claim and Gather Supporting Documentation
The process for filing a claim begins at scssettlement.com, where you’ll find the claim form and submission instructions. If you’re claiming the $75 flat payment, you need minimal documentation—your identity and proof that you were receiving services at Seven Counties Services during the breach period. Proof can typically be established through a breach notification letter you received, billing statements, appointment records, or correspondence from Seven Counties Services. If you received the October 3, 2024 breach notification letter, that serves as official documentation of your inclusion in the affected class.
For those seeking reimbursement of documented losses up to $5,000, the documentation process requires more effort. You’ll need to gather receipts or invoices for any expenses you incurred as a result of the breach—such as credit monitoring service subscriptions, credit freeze fees, credit repair service payments, or professional fees paid to resolve fraudulent accounts. If you paid an attorney to address identity theft issues or hired a credit specialist, those fees are reimbursable. One practical comparison: claiming $75 takes 15 minutes and no documentation, while claiming $2,000 in losses requires collecting and organizing receipts, which might take 1-2 hours of effort. For most people, the flat payment represents the realistic choice given the documentation burden, even if they did incur some minor expenses.
Important Limitations and Common Claim Denials
The settlement explicitly covers documented out-of-pocket losses related to fraud, identity theft costs, professional fees, credit repair services, credit freeze costs, credit monitoring costs, and miscellaneous expenses directly caused by the breach. However, the settlement does not compensate for emotional distress, anxiety, or inconvenience from the breach itself—only verifiable financial losses. If you spent hours monitoring your credit reports or making phone calls to dispute fraudulent charges, those hours aren’t compensable. This is a significant limitation for anyone whose primary concern is the time and stress involved in addressing the breach’s aftermath.
Additionally, the flat $75 payment applies regardless of how much personal information was exposed in your specific case. If your entire medical history was accessed through the breach while someone else’s contact information was minimally exposed, both claimants receive the same $75 flat payment. The settlement also limits reimbursement to expenses that can be directly traced to this specific breach—if you had existing credit issues unrelated to the Seven Counties attack, you cannot claim those remediation costs. This limitation means that individuals with complex credit situations or multiple simultaneous data breaches may find it difficult to prove causation, potentially leaving legitimate expenses unclaimed.
Credit Monitoring and Identity Protection Services
One often-overlooked benefit of the settlement is the complimentary enrollment in credit monitoring and identity theft protection services. These services typically include monthly credit monitoring from the three major credit bureaus (Equifax, Experian, and TransUnion), alert notifications when changes occur in your credit file, and identity theft restoration assistance if fraud does occur. Unlike the monetary compensation, these services don’t require documentation or proof of loss—you simply need to verify your eligibility and enroll through the settlement administrator.
For individuals concerned about ongoing exposure from the breach, this service provides concrete protection at no cost. If credit fraud does occur following the breach, the identity theft protection service will typically cover restoration costs and provide dedicated assistance in resolving the issue. An example: if someone uses your Social Security number to open a fraudulent credit card account, the protection service helps you dispute the account, document the fraud, and restore your credit file. Enrollment is typically for a set period (often 2-3 years), giving you continuous monitoring well beyond the settlement payout itself.
Long-Term Data Security Implications and Future Outlook
The Seven Counties Services breach highlights the ongoing vulnerability of email-based systems to phishing attacks, even at established organizations. Seven Counties Services has operated since 1978 with significant community integration in Louisville, yet the phishing attack succeeded in compromising their systems for weeks before detection. This case underscores that data breaches increasingly occur not from major cybersecurity infrastructure failures, but from targeted social engineering—attackers convinced employees to provide access credentials. Moving forward, Seven Counties Services and similar healthcare providers face pressure to implement stronger email authentication protocols, mandatory phishing awareness training, and faster detection systems.
For affected individuals, this settlement represents one of an increasing number of healthcare data breaches that have occurred in recent years. The breach notification process has improved compared to decades past, with mandatory notification timelines established in most states. However, the two-month delay between breach discovery and notification to affected parties suggests room for further improvement in emergency response protocols. As healthcare and behavioral health organizations expand digital services and data collection, understanding your rights in settlement situations becomes increasingly important for consumers.
Conclusion
The Seven Counties Services Data Breach Class Action Settlement provides meaningful compensation for individuals affected by the July 19 to August 12, 2024 phishing attack. The settlement offers a $75 flat payment requiring no documentation, reimbursement up to $5,000 for documented losses, and complimentary credit monitoring and identity theft protection services. With a claim deadline of April 20, 2026, affected individuals have over a year to file through the official settlement website at scssettlement.com, with claims processed by Angeion Group.
If you received the October 3, 2024 breach notification letter or believe you were receiving services at Seven Counties Services during the breach period, you should file a claim before the deadline. For most claimants, the $75 flat payment offers reasonable compensation with minimal effort, while those with documented expenses related to fraud or credit monitoring can pursue reimbursement up to $5,000. Enrolling in the complimentary credit monitoring and identity theft protection services provides ongoing protection regardless of which compensation option you select.