Tri Counties Bank reached a $1.185 million data breach settlement after 74,385 customers and employees had their sensitive personal information compromised through unauthorized third-party access on or around February 7, 2023. This class action settlement provides compensation for documented financial losses from fraud and identity theft, with qualifying claimants eligible to receive between $100 and $5,000 depending on their specific out-of-pocket expenses and location.
For example, a California resident who documented $2,500 in fraudulent charges resulting from the breach could claim $2,500 in direct losses plus an additional $150 statutory California payment under the settlement terms. The settlement represents a meaningful recovery opportunity for affected individuals, though like many data breach settlements, the actual per-claimant payouts will depend on how many eligible people file claims by the April 21, 2026 deadline. Beyond cash compensation, the settlement includes one year of credit monitoring services and $1 million in identity theft insurance coverage, providing layers of protection for those seeking to minimize ongoing financial risk.
Table of Contents
- What Was the Tri Counties Bank Data Breach and Who Was Affected?
- How Much Compensation Can Affected Individuals Receive?
- What Additional Protections and Services Are Included?
- How Do You File a Claim and What Documentation Is Required?
- What Are the Key Limitations and Risks of This Settlement?
- Who Manages the Settlement and How Is Payment Distributed?
- What Does This Settlement Mean for Consumer Data Security Going Forward?
What Was the Tri Counties Bank Data Breach and Who Was Affected?
On or around February 7, 2023, Tri Counties bank discovered that unauthorized third parties had gained access to its database files containing sensitive personal information. The breach exposed information belonging to 74,385 customers and employees—a significant number that reflects both the bank’s retail customer base and internal staffing. The compromised data included the types of information typically targeted in financial institution breaches: names, addresses, Social Security numbers, financial account details, and driver’s license numbers.
What set this breach apart from many others is the speed and scope of the settlement resolution. The class action lawsuit alleged negligent data security practices, breach of contract, and statutory violations—claims that are common in financial services litigation but require substantial evidence of failure to implement reasonable protections. Tri Counties Bank, a regional financial institution based in California, serves communities across multiple counties, making this breach particularly significant within its service areas. Unlike breaches at major national banks that might affect millions of customers but result in smaller per-capita settlements, this regional bank’s breach created a more concentrated impact among its customer base.
How Much Compensation Can Affected Individuals Receive?
The settlement’s compensation structure distinguishes between those who suffered documented financial losses and those who were exposed but did not incur measurable out-of-pocket expenses. Claimants with documented losses can receive reimbursement up to $5,000 for expenses including unauthorized charges, credit monitoring service costs, credit freeze fees, postage and notary fees associated with fraud disputes, travel expenses related to resolving fraud, and time spent addressing identity theft issues. This approach—rewarding actual harm—differs from some settlements that pay flat amounts regardless of impact. For class members without documented losses, the settlement provides an alternative payment of approximately $100.
This baseline compensation acknowledges the time and effort required to file a claim and the general inconvenience of having personal information exposed, even if no direct fraud occurred. However, a significant limitation to understand: California residents have an advantage built into the settlement. Those who resided in California between February 7, 2023 and April 21, 2026 are eligible for an additional $150 statutory payment under California’s data privacy laws, creating a meaningful incentive to include California residence documentation with claims. Non-California residents cannot access this enhanced payment, regardless of their other losses—a geographic disparity that reflects varying state privacy protections.
What Additional Protections and Services Are Included?
Beyond cash compensation, the settlement provides credit monitoring services for one year at no cost to claimants. In the context of identity theft following a data breach, continuous monitoring becomes essential because fraudsters sometimes delay using stolen credentials, meaning threats can emerge months after initial exposure. A claimant might receive legitimate monitoring alerts indicating someone attempted to open a credit card in their name six months after filing a claim, demonstrating why the 12-month protection window provides meaningful coverage during the highest-risk period.
The settlement also includes $1 million in identity theft insurance coverage per claimant. This insurance typically covers costs that aren’t reimbursable through the direct settlement payout—such as legal fees for contesting fraudulent debts, costs of hiring identity theft resolution services, or lost wages during time spent addressing fraud issues. Unlike the cash compensation that requires documentation of specific expenses, identity theft insurance acts as a safety net for unexpected, catastrophic identity theft situations. For example, if a claimant discovers that someone has opened six new credit accounts in their name and racked up $30,000 in fraudulent debt, the identity theft insurance can help cover the professional costs of unraveling that situation, whereas the settlement’s cash component would only reimburse documented losses up to $5,000.
How Do You File a Claim and What Documentation Is Required?
The settlement offers two filing methods: online through the dedicated settlement website at tricountiessettlement.com, or offline by mail for those preferring traditional submission. The online option streamlines the process, allowing claimants to submit documentation digitally and receive status updates in real-time. The offline method requires claimants to use the CPT ID and passcode provided in their original settlement notice—without these credentials, mail submissions cannot be processed, making it essential to retain the settlement notification letter rather than discarding it as junk mail. Documentation requirements depend on the compensation category being claimed.
Those seeking reimbursement for documented losses must gather receipts, credit reports showing fraudulent accounts, bank statements showing unauthorized transactions, credit card statements, notary affidavits, or other contemporaneous proof of the losses being claimed. This creates a tradeoff: while the potential $5,000 maximum payout is substantially higher than the $100 baseline, it requires significantly more effort to gather and organize months of financial records. A claimant who suffered $800 in fraudulent charges but cannot locate bank statements proving the fraud would default to the $100 no-documentation payment, while a claimant with meticulous records of $2,200 in documented losses plus a California residence could receive $2,350 total ($2,200 + $150 California bonus). The deadline of April 21, 2026 means claimants have limited time to compile these materials, particularly those who experienced fraud earlier in 2023 and may have incomplete records.
What Are the Key Limitations and Risks of This Settlement?
One significant limitation is the payment pool uncertainty that affects all settlement distributions. While the settlement fund is set at $1.185 million, this amount must cover not only claimant payments but also costs for claims administration, settlement notices, and potentially attorney’s fees and court-approved costs. If substantially more people file claims than anticipated, particularly with documented losses approaching the $5,000 maximum, the settlement administrator may implement a proportional reduction—meaning everyone receives a percentage of their claim rather than the full amount. For example, if 500 California residents each claim $5,000 in losses plus $150 California payments for a combined total of $2.575 million in requested compensation against a $1.185 million fund, the administrator might pay 46% of approved claims, resulting in payouts of approximately $2,371 per person instead of $5,150.
Another limitation worth understanding: if you have already obtained compensation for fraud losses through other channels—such as chargeback disputes with your credit card company or reimbursement from the bank itself—you may not be eligible to claim those same losses twice in the settlement. The settlement is designed to compensate for losses directly resulting from the breach, not to provide windfalls beyond actual harm. Additionally, there are time limitations on how far back you can claim losses. Typically, settlement documents specify that only losses incurred from the breach date forward qualify for reimbursement; pre-breach fraud or financial problems cannot be attributed to this incident.
Who Manages the Settlement and How Is Payment Distributed?
A settlement administrator, selected by the court, manages all claim submissions, verification, and payment distribution. The administrator reviews submitted claims for completeness and credibility, cross-references documentation to prevent duplicate claims, and coordinates payment processing. Payments are typically distributed to claimants via check or direct deposit, depending on the submission method and the administrator’s capabilities.
The timeline from claim approval to payment generally ranges from 60 to 90 days, though this can vary based on the volume of claims and the complexity of verification required. Once approved, settlement payments are processed and distributed according to a schedule published by the settlement administrator. Claimants should retain confirmation of their claim submission and follow up if they don’t receive payment within the published timeframe, as processing delays or lost checks can occasionally occur. The settlement’s terms are publicly available through the settlement website and the official court documents, allowing claimants to understand exactly how the administrator will prioritize claims and distribute funds.
What Does This Settlement Mean for Consumer Data Security Going Forward?
This $1.185 million settlement reflects ongoing regulatory pressure on financial institutions to implement strong data security practices. Tri Counties Bank’s breach, caused by third-party unauthorized access, is a reminder that security threats often originate outside an institution’s direct control—through compromised vendor access, software vulnerabilities, or coordinated cyberattacks. The settlement doesn’t necessarily mean the bank’s security practices were negligent by 2023 standards, but rather that the legal system determined the bank should have implemented stronger protections against third-party threats.
The broader implication for consumers is that data breach settlements have become a standard cost of doing business in financial services. While settlements provide compensation and insurance, they represent a reactive approach to security rather than a preventive one. Consumers affected by breaches should view settlements as partial recovery mechanisms while maintaining their own vigilance through credit monitoring, fraud alerts, and careful review of financial statements—protections that remain essential even after settlement compensation and insurance coverage are exhausted.
You Might Also Like
- Flagstar Bank $31.5 Million Data Breach Class Action Settlement
- Varsity Brands $1.1 Million Data Breach Class Action Settlement
- T-Mobile $350 Million Customer Data Breach Class Action Settlement
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: