$8.7M Sequoia Benefits Data Breach Class Action Lawsuit Settlement, Claim Up to $7,500 By March 11, 2026

ByAll About Lawyer Reading Time: 11 minutes

Sequoia Benefits & Insurance Services and Sequoia One PEO established an $8.7 million class action settlement after a September-October 2022 data breach exposed Social Security numbers, driver’s license numbers, and medical information of 584,109 consumers. Class members can claim up to $7,500 for documented losses plus alternative compensation, but you must file by March 11, 2026.

California residents average $225 per claim while other states average $75 based on current projections—but actual amounts depend on how many people file claims.

Who Can Claim the Sequoia Settlement

You can file a claim if: Sequoia Benefits & Insurance Services or Sequoia One PEO notified you that the September 22 through October 6, 2022 data breach may have impacted your personal information.

Settlement website: www.sequoiadatasettlement.com (official claim portal)

Who to call: 833-630-5405 (Kroll Settlement Administration)

Mailing address: Sequoia Data Breach Settlement, c/o Kroll Settlement Administration, P.O. Box 225391, New York, NY 10150-5391

The breach occurred when unauthorized third parties accessed Sequoia’s cloud storage system between September 22 and October 6, 2022. Hackers compromised 584,109 individuals’ data including Social Security numbers, driver’s license numbers, medical information, health insurance details, financial information, and other sensitive personal data.

You’re entitled to reimbursement for losses, alternative cash payments, and the protection services you need. But the March 11, 2026 deadline is firm.

What Happened in the Sequoia Data Breach

When Did the Breach Occur?

The cyberattack happened between September 22 and October 6, 2022, when unauthorized third parties accessed Sequoia’s cloud storage system containing sensitive customer and employee information.

Sequoia Benefits & Insurance Services and Sequoia One PEO discovered the breach and began investigating. After determining what information was compromised, they notified 584,109 affected individuals—including 210,673 California residents.

What Is Sequoia Benefits and Insurance?

Sequoia Benefits & Insurance Services LLC (doing business as Sequoia Group) and Sequoia One PEO LLC are California-based human resources management companies. They provide benefits administration, insurance services, and professional employer organization (PEO) services to businesses and their employees.

The companies manage sensitive employee data including health benefits enrollment, insurance claims, payroll information, and human resources records for client companies across the United States.

What Personal Information Was Exposed?

The breach compromised multiple categories of highly sensitive data. Information varied by individual but may have included Social Security numbers, driver’s license numbers, medical information and health records, health insurance information, financial account data, dates of birth, names and addresses, phone numbers and email addresses, and employment information.

Social Security numbers and medical information create elevated identity theft and fraud risks. Compromised health data can be used for medical identity theft—fraudsters obtaining medical care or prescription drugs using stolen identities.

How Did Sequoia Respond?

Following breach discovery, Sequoia launched an investigation with third-party cybersecurity experts to determine the scope and nature of the incident. The company identified what specific information was compromised and which individuals were affected.

Sequoia mailed notification letters to all 584,109 affected individuals explaining what information may have been accessed. The company initially offered complimentary credit monitoring and identity protection services.

What the $8.7M Sequoia Settlement Provides

Settlement Fund Allocation

Sequoia agreed to pay $8.7 million to resolve the class action lawsuit. The settlement is “non-reversionary,” meaning unclaimed funds don’t return to Sequoia—they go to cy pres recipients or additional class member benefits.

The $8.7 million covers class member claims, settlement administration costs, plaintiff attorney fees and expenses (up to 33% of the settlement fund), service awards to class representatives, and costs for claim processing and distribution.

What Can You Claim?

Option 1 – Expense Reimbursement (Up to $7,500): Claim reimbursement for actual, unreimbursed out-of-pocket losses incurred on or after September 22, 2022, that are reasonably traceable to the breach. This includes:

  • Unreimbursed costs from identity theft, fraud, or data misuse
  • Fees for credit monitoring or identity theft protection you purchased
  • Bank fees, overdraft charges, or card replacement costs
  • Notary, fax, postage, mileage, or phone charges
  • Professional services like credit repair or legal consultation
  • Time spent dealing with breach consequences (documented at $25/hour, up to 5 hours)

You must provide reasonable documentation. Self-prepared documents alone aren’t sufficient but can support other documentation like receipts, bank statements, or invoices.

Option 2 – Alternative Cash Payment: Claim a cash payment without documenting losses. You must certify your eligibility on the claim form. The payment amount depends on total valid claims filed—higher if fewer people claim, lower if many claim.

Current projections: California residents average $225, other states average $75. However, these are estimates based on expected claim rates. Actual amounts are calculated pro rata after all claims are processed.

What Sequoia Must Do

Beyond monetary payments, Sequoia agreed to implement specified data security practices and procedures. The exact security improvements are confidential but were negotiated as part of the settlement to prevent future breaches.

Who Qualifies for the Sequoia Settlement

Are You a Class Member?

You qualify if you received a notification letter from Sequoia stating the September 22 through October 6, 2022 data breach may have impacted your personal information. You must be in the United States.

Official settlement website: www.sequoiadatasettlement.com
Settlement administrator: Kroll Settlement Administration at 833-630-5405

This includes current and former employees of companies using Sequoia’s services, dependents and family members covered under benefits plans, insurance policyholders whose information Sequoia maintained, and anyone else Sequoia notified about the breach.

How to Verify Eligibility

Check whether you received a notification letter from Sequoia between late 2022 and early 2023 explaining your data may have been compromised. The letter would have included details about what information was exposed.

If you’re unsure whether you received notice, contact Kroll Settlement Administration at 833-630-5405. Have your personal information ready. The settlement administrator can verify whether you’re on Sequoia’s list of affected individuals.

What Proof Do You Need?

Your claim form requires the class member ID from your notification letter plus contact information. For expense reimbursement up to $7,500, provide documentation of losses—receipts, invoices, bank statements, credit reports showing fraudulent accounts, or other third-party documents.

For alternative cash payment, no loss documentation is required. You must certify on the claim form that you’re an eligible class member.

How to File Your Sequoia Settlement Claim

Where and When to File

Official settlement website: www.sequoiadatasettlement.com

File online: Complete your claim at www.sequoiadatasettlement.com

Mail claims to:
 Sequoia Data Breach Settlement
c/o Kroll Settlement Administration
P.O. Box 225391
New York, NY 10150-5391

Phone: 833-630-5405 (questions and assistance)

Claim deadline: March 11, 2026. Online submissions must be completed by March 11. Mailed claims must be postmarked by March 11, 2026. Missing this deadline forfeits compensation rights.

What Information to Provide

Complete the claim form with your full name, current address, phone number, and email. Provide your class member ID from your breach notification letter.

Choose Option 1 (expense reimbursement up to $7,500) or Option 2 (alternative cash payment). For Option 1, itemize expenses with dates, amounts, and descriptions. Attach supporting documentation.

For direct deposit, provide banking information including routing and account numbers.

How Claims Are Processed

Kroll Settlement Administration reviews all claims for validity and completeness. Claims with insufficient documentation may be partially approved, denied, or returned for additional information.

The claims administrator has discretion to determine whether claimants are class members, whether expenses are fairly traceable to the breach, and whether documentation is adequate.

Processing begins after the April 7, 2026 final approval hearing. Settlement checks are issued within 60 days after the settlement becomes effective or within 30 days after claim review completion, whichever is later.

Your Rights After a Data Breach

What Companies Must Do

State data breach notification laws require companies to notify affected consumers when personal information is compromised. All 50 states have notification statutes with varying requirements.

California’s strict data breach law (Civil Code § 1798.82) requires notification within specified timeframes and disclosure of what information was compromised. Companies must report breaches to the California Attorney General if more than 500 California residents are affected.

The FTC Act Section 5 prohibits unfair practices including inadequate data security. Companies failing to implement reasonable security measures face FTC enforcement actions and consumer lawsuits.

Why This Breach Matters

Social Security numbers enable identity theft including fraudulent credit applications, tax fraud, and employment fraud. Medical information creates medical identity theft risks—fraudsters obtaining healthcare using stolen identities.

The consequences persist for years. Stolen Social Security numbers can’t be changed. Medical identity theft can corrupt your medical records with someone else’s diagnoses, treatments, and prescriptions—creating life-threatening errors.

How Data Breach Class Action Settlements Work

The Settlement Process

After Sequoia’s breach, affected consumers filed lawsuits alleging negligence, failure to implement reasonable security, breach of contract, and violations of California data protection laws. Multiple similar lawsuits were consolidated in the Northern District of California.

During discovery, plaintiffs obtained evidence about Sequoia’s security practices, the breach scope, and damages. Parties negotiated settlement terms announced May 9, 2025. Judge Rita F. Lin granted preliminary approval September 9, 2025.

The final approval hearing is April 7, 2026. If approved with no appeals, claim processing proceeds and payments are distributed within 60 days.

Why Settlements Are Common

Trials are expensive, time-consuming, and unpredictable for both sides. Settlements provide guaranteed relief to class members while allowing defendants to resolve liability and avoid prolonged litigation.

Data breach damages can be difficult to prove. Many class members haven’t experienced identity theft yet—their harm is increased risk of future fraud. Settlements compensate even without proven actual damages.

What Happens to Unclaimed Funds

This settlement is non-reversionary. If funds remain after all valid claims and approved expenses are paid, parties meet and confer about using residual funds for additional class member benefits or cy pres awards to consumer protection or data security organizations.

Unclaimed funds won’t return to Sequoia. They benefit class members through secondary distributions or organizations advancing consumer protection and data security.

What to Do If You Were Affected

File Your Claim Before March 11, 2026

Visit www.sequoiadatasettlement.com and complete the online claim form, or download, print, and mail a paper form. Call 833-630-5405 if you need assistance.

Gather documentation of losses—fraudulent charges, credit monitoring costs, bank fees, professional services, time spent resolving issues. Include receipts, statements, invoices, and correspondence.

Even without documented losses, file for alternative cash payment. Don’t leave money on the table. Current projections show $75-$225 per claimant depending on location and claim volume.

Protect Yourself from Identity Theft

Place fraud alerts on credit reports by contacting any credit bureau (Equifax, Experian, or TransUnion). They notify the others. Fraud alerts are free and last one year, renewable.

Consider credit freezes preventing new account openings. Freezes are free under federal law. Monitor credit reports regularly—get free reports from each bureau annually at AnnualCreditReport.com.

Watch for signs of identity theft: unfamiliar charges on accounts, bills for services you didn’t receive, collection notices for debts you don’t owe, tax filing issues indicating someone filed returns using your information, or denial of credit you should qualify for.

Report any fraud immediately to IdentityTheft.gov, create a recovery plan, file police reports, and contact creditors.

Your Legal Options Beyond Settlement

Can You Sue Sequoia Separately?

You can opt out and file an individual lawsuit. Opt-out requests must be mailed and postmarked by February 9, 2026. Once you opt out, you forfeit settlement benefits but preserve your right to sue independently.

Individual lawsuits may recover higher damages if you suffered substantial identity theft, medical identity theft, financial losses, or emotional distress. Consult a data breach or consumer protection attorney to evaluate whether individual litigation makes sense.

Time Limits to Know

State statutes of limitations for data breach claims vary, typically 2-4 years from breach discovery or when you discovered harm. California’s limitations periods differ for negligence versus contract claims.

Don’t delay exploring legal options. Evidence becomes harder to gather, memories fade, and limitations periods expire. If considering individual action, consult attorneys promptly.

Where to Find Reliable Information

Official settlement website: www.sequoiadatasettlement.com (claim forms, FAQs, settlement documents)

Settlement administrator: Kroll Settlement Administration

  • Phone: 833-630-5405
  • Mail: P.O. Box 225391, New York, NY 10150-5391

Court records: PACER (pacer.uscourts.gov) for Case No. 3:22-cv-08217-RFL, U.S. District Court for the Northern District of California

Identity theft resources: IdentityTheft.gov (FTC website for reporting and recovery plans)

Free credit reports: AnnualCreditReport.com

Credit bureau fraud contacts:

  • Equifax: 800-685-1111
  • Experian: 888-397-3742
  • TransUnion: 800-916-8800

Frequently Asked Questions

What is the Sequoia data breach?

Sequoia Benefits & Insurance Services and Sequoia One PEO experienced a cyberattack between September 22 and October 6, 2022, when unauthorized third parties accessed their cloud storage system. The breach exposed Social Security numbers, driver’s license numbers, medical information, health insurance details, and financial data of 584,109 consumers. The $8.7 million settlement compensates affected individuals.

Am I eligible for the $8.7M settlement?

You’re eligible if Sequoia Benefits & Insurance Services or Sequoia One PEO sent you a notification letter about the September-October 2022 data breach stating your personal information may have been impacted. You must be in the United States. Contact Kroll Settlement Administration at 833-630-5405 if unsure about your eligibility.

How much money can I get?

You can claim up to $7,500 for documented losses or receive an alternative cash payment without documentation. Current projections show California residents averaging $225 and other states averaging $75, but actual amounts depend on how many people file claims. Payments are calculated pro rata after all valid claims are processed.

How do I file a claim?

Visit www.sequoiadatasettlement.com to file online or call 833-630-5405 for help. You can also mail completed forms to Sequoia Data Breach Settlement, c/o Kroll Settlement Administration, P.O. Box 225391, New York, NY 10150-5391. Claims must be submitted online or postmarked by March 11, 2026. Include your class member ID and documentation for any losses claimed.

What is the deadline?

The claim deadline is March 11, 2026. Online claims must be submitted by March 11. Mailed claims must be postmarked by March 11, 2026. Missing this deadline means you forfeit compensation. If you want to opt out and sue individually, opt-out requests must be postmarked by February 9, 2026.

What should I do if I experience identity theft?

Report identity theft immediately to IdentityTheft.gov and create a recovery plan. Place fraud alerts by calling any credit bureau. File police reports. Contact creditors and banks about fraudulent accounts. Document everything—keep records for potential reimbursement claims under the settlement up to $7,500.

When will I receive payment?

The final approval hearing is April 7, 2026. If approved and no appeals are filed, settlement checks are issued within 60 days after the settlement becomes effective or within 30 days after claim review completion, whichever is later. Appeals can delay payments.

Pro Tip: File your claim now rather than waiting until March 11 approaches. Claim forms require gathering documentation, and the settlement administrator needs time to process submissions. Filing early avoids last-minute technical issues or mail delays that could cost you up to $7,500 in compensation.

Disclaimer: This article about the $8.7M Sequoia Benefits and Insurance data breach class action settlement is informational only, based on the settlement agreement and publicly available court documents. Settlement details may change pending final court approval on April 7, 2026, or if appeals are filed. AllAboutLawyer.com doesn’t represent any party and doesn’t provide legal services or advice. For questions about eligibility, claim filing, or individual legal options, consult a qualified data breach or consumer protection attorney.

Stay informed, stay protected. — AllAboutLawyer.com

Last Updated: January 14, 2026 — We keep this current with the latest legal developments

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *