Cadence Bank $5.25M Settlement Over MOVEit Data Breach Exposing Customer PII

The Cadence Bank $5.25M Settlement Over MOVEit Data Breach Exposing Customer PII settlement offers $5.25M in total, with individual payouts of $100 to $12.50K to eligible claimants who you are a current or former cadence bank customer whose personal information may have been impacted by the moveit incident. The deadline to file is June 4, 2026. Proof of purchase is required.

Deadline

67 days remaining

Deadline: June 4, 2026

Total Settlement Amount

$5.25M

Total amount allocated for all claims

Individual Payout Range

$100 to $12.50K

Estimated amount per eligible claim

Proof of Purchase

Required

Online filing requires the Unique ID and PIN from the settlement notice. Ordinary-loss claims need documentation such as receipts, invoices, or account statements showing unreimbursed out-of-pocket costs (and, if claiming lost time, details supporting hours spent). Extraordinary-loss claims require proof showing the amount, date, and type of loss and its connection to fraud/identity theft, such as bank/credit card statements reflecting unauthorized charges, credit repair or professional-service invoices, and supporting records like police reports or identity-theft/fraud documentation.

Settlement Summary

The lawsuit stems from the wider 2023 MOVEit incident, in which attackers exploited a vulnerability in Progress Software’s MOVEit Transfer file‑sharing tool—a product used by thousands of organizations to move large batches of sensitive data. Cadence Bank says the intrusion window ran roughly May 28–31, 2023, and notices went out around mid‑September to affected people; the settlement materials estimate about 869,411 individuals connected to the bank may have had personally identifying information (PII) exposed. Because MOVEit was a common vendor platform, the same underlying exploit rippled across industries, ultimately affecting thousands of public and private entities and tens of millions of individuals. Plaintiffs filed the case alleging Cadence failed to use reasonable data‑security practices and oversight, allowing customer PII to be put at risk through a third‑party system the bank relied on. Cadence denies wrongdoing but agreed to a $5.25 million settlement to avoid the cost and uncertainty of litigation, offering tiered reimbursements (up to $2,500 for documented out‑of‑pocket costs and up to $10,000 for documented extraordinary losses tied to the breach), an alternative pro‑rata cash payment for those without documented losses, and two years of credit monitoring and identity‑theft protection; it also committed to at least $3.5 million in security enhancements. The significance is less about a single payout and more about accountability: the case pressures financial institutions to treat vendor tools as part of their own security perimeter and to compensate customers not only for proven fraud but also for the time, fees, and protective steps people take after a breach. More broadly, Cadence’s agreement fits a growing pattern of MOVEit-related class actions where victims argue that organizations should have better safeguarded data in transit, limited what was stored or shared, and reacted faster once the vulnerability became public. In the U.S. banking context, regulators already expect robust cybersecurity and third‑party risk management—through frameworks like the Gramm‑Leach‑Bliley Act’s Safeguards Rule (as enforced by the FTC for covered institutions) and the federal banking agencies’ guidance on vendor oversight and incident response—and these cases reinforce that failing to manage vendors can carry real legal and financial consequences even when the initial flaw sits in a widely used software product.

Entities Involved

Cadence Bank

MOVEit

MOVEit file transfer application

Settlement Administrator (MOVEit Cadence Bank Data Breach)

Simpluris

PayPal

Venmo

Zelle

Eligibility Requirements

You are a current or former Cadence Bank customer whose personal information may have been impacted by the MOVEit incident
You received a notice from Cadence Bank (around Sept. 15, 2023) stating your PII may have been affected
The impacted event relates to the MOVEit breach timeframe of May 28–May 31, 2023
To receive money for losses, you must submit a timely claim by June 4, 2026
For reimbursement of ordinary or extraordinary losses, you must provide supporting documentation showing unreimbursed losses
If you choose the alternative cash payment, you must submit a claim but do not submit loss documentation for ordinary/extraordinary losses
To receive credit monitoring/identity protection, you must elect that benefit as part of the settlement process

File Your Claim Now

Featured Investigations

Latest class action investigations that may lead to future settlements

View All

investigation

2/19/2026

Hair Relaxer Cancer Lawsuits

Chemical hair straighteners are under scrutiny after a groundbreaking study linked them to uterine cancer. Lawsuits allege manufacturers knew of the risks but failed to warn consumers.

Stay Updated

Subscribe to our newsletter for the latest settlement updates and news.

Important Notice About Filing Claims

Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.

If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.

Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.