$5.25M Cadence Bank MOVEit Data Breach Settlement, Are You Eligible to Claim?
Cadence Bank agreed to pay $5,250,000 to settle a class action lawsuit stemming from the 2023 MOVEit cyberattack — one of the largest data breaches in history — that exposed the personal information of nearly 900,000 Cadence Bank customers. Current and former Cadence Bank customers who received a breach notification letter around September 15, 2023, may file a claim for up to $10,000 in extraordinary losses, up to $2,500 in ordinary out-of-pocket expenses, or a flat $100 cash payment — plus two years of free three-bureau credit monitoring. The claim deadline is June 4, 2026.
Quick Facts
| Field | Detail |
| Settlement Amount | $5,250,000 |
| Claim Deadline | June 4, 2026 (online or postmarked) |
| Who Qualifies | All individuals who received a data breach notification from Cadence Bank confirming their PII was exposed in the May 2023 MOVEit cyberattack |
| Payout Per Person | Up to $10,000 (extraordinary losses); up to $2,500 (ordinary losses); OR flat $100 cash payment (no proof required); plus up to $100 for lost time |
| Proof Required | Yes — for loss claims; No — for $100 flat cash payment |
| Settlement Status | Preliminarily approved — open for claims |
| Administrator | Simpluris (contact: [email protected] / (833) 647-9001) |
| Official Website | MOVEitCadenceSettlement.com |
Current Status & What Happens Next
- Judge Allison D. Burroughs of the U.S. District Court for the District of Massachusetts — who presides over the broader MOVEit multidistrict litigation — granted preliminary approval of the Cadence Bank settlement on January 6, 2026.
- The claim deadline is June 4, 2026. Class members must submit their claim form online or by mail postmarked no later than that date to receive any benefit from the settlement.
- Payments and credit monitoring information will be issued to approved claimants approximately 90 days after the court grants final approval of the settlement. The final approval hearing date is TBD — check MOVEitCadenceSettlement.com for updates.
What Is the Cadence Bank MOVEit Data Breach Lawsuit About?
The data breach arose from a cyberattack linked to Progress Software’s MOVEit file transfer software — a tool used by thousands of organizations worldwide to move large amounts of sensitive data over the internet. Starting as early as 2021, a ransomware group known as Clop exploited vulnerabilities in MOVEit Transfer servers to steal customer data stored within. The breach affected over 2,500 private and government entities and an estimated 90 million individuals globally.
On June 1, 2023, Cadence Bank discovered an undisclosed zero-day vulnerability in its MOVEit Transfer application. The company applied software patches from MOVEit’s developer, enlisted cybersecurity and data analytics firms, and notified law enforcement. A subsequent investigation revealed that from May 28 to May 31, 2023, an unauthorized entity exploited the MOVEit vulnerability to access and retrieve personal information from the application. In-depth data analysis conducted on August 16, 2023, confirmed that personal data had likely been compromised.
The lawsuit alleged that Cadence Bank was independently responsible for determining which security features offered by MOVEit to employ, deciding whether data transferred through the application would be encrypted, and monitoring for early indicators of hacking attempts — and that the bank failed to implement the security guidance MOVEit itself provided. The lawsuit further alleged that Cadence Bank delayed sending affected individuals notice of the incident until September 15, 2023 — more than three months after learning of the breach in June 2023. Cadence Bank denies all wrongdoing and agreed to settle to avoid the costs and risks of continued litigation.
Who Is Eligible to File a Claim?
The settlement class includes all individuals who were notified by Cadence Bank that their personal information was exposed in the MOVEit data breach.
- You may qualify if you received a data breach notification letter or email from Cadence Bank on or around September 15, 2023, informing you that your personally identifiable information may have been compromised in the May 2023 MOVEit incident.
- You may qualify if you were a current or former Cadence Bank customer whose data was stored within the MOVEit application and accessed during the May 28–31, 2023 cyberattack.
- The types of personal information potentially exposed in the breach include names, addresses, Social Security numbers, dates of birth, and financial account data such as bank account numbers and credit card numbers.
- You may qualify whether or not you experienced actual identity theft or fraud — receipt of the Cadence Bank notification letter is the primary eligibility trigger.
- The cybersecurity incident impacted an estimated 869,411 individuals associated with Cadence Bank.
- You may not qualify if you did not receive a breach notification from Cadence Bank, or if you validly opt out of the settlement before the opt-out deadline.
If you received a notification letter but cannot locate it, contact the settlement administrator at [email protected] or (833) 647-9001. Your Unique ID and PIN from the settlement notice are needed to file online.
How Much Can You Receive?
All class members are eligible for two years of three-bureau credit monitoring, dark web monitoring, $1 million in identity theft insurance, and access to fraud resolution and identity theft restoration agents — plus one of three cash benefit options.
Option 1 — Extraordinary Losses (with documentation, up to $10,000)
Class members who experienced identity theft, fraud, or other significant financial harm traceable to the MOVEit breach can claim up to $10,000 in extraordinary losses. To support an extraordinary losses claim, you must provide documentation showing the amount, date, and nature of the monetary loss — such as bank or credit card statements showing fraudulent charges, invoices, a police report, and other proof of identity theft or fraud.
Option 2 — Ordinary Losses (with documentation, up to $2,500)
Class members who incurred out-of-pocket expenses directly related to the breach can claim up to $2,500 in ordinary losses. Covered ordinary losses include bank or credit card fees, postage, gas for local travel, fees for credit reports or credit monitoring, and up to four hours of lost time at $25 per hour — a maximum of $100 for lost time. Supporting documentation such as receipts, statements, or invoices is required.
Option 3 — Alternative Flat Cash Payment (no proof required)
Instead of documenting losses, class members may choose a flat $100 cash payment with no proof required. This payment may be subject to pro-rata increase or decrease depending on the total number of valid claims submitted.
Here is a summary of all benefit tiers:
| Benefit | Maximum Amount | Proof Required |
| Extraordinary Losses | $10,000 | Yes — bank statements, police report, invoices |
| Ordinary Losses | $2,500 | Yes — receipts, statements, or invoices |
| Lost Time | $100 (4 hrs × $25/hr) | Yes — brief description of time spent |
| Alternative Cash Payment | $100 (pro-rata) | No |
| Credit Monitoring | 2 years (3-bureau) | No |
| Identity Theft Insurance | $1,000,000 | No |
How to File a Claim
Step 1 — Visit the official settlement website at MOVEitCadenceSettlement.com to access the online claim form.
Step 2 — Locate your Unique ID and PIN from the settlement notice mailed to you and use them to log in to the online claim portal.
Step 3 — Select your benefit option: extraordinary losses (up to $10,000), ordinary losses (up to $2,500), or the flat $100 alternative cash payment.
Step 4 — If claiming extraordinary losses, upload documentation showing the amount, date, and nature of your loss — such as bank statements showing fraudulent charges, a police report, or identity theft-related invoices.
Step 5 — If claiming ordinary losses or lost time, upload supporting documentation such as receipts, credit monitoring invoices, or a brief written description of the time you spent addressing the breach.
Step 6 — Submit your claim online by June 4, 2026, or download the printable claim form and mail it postmarked no later than June 4, 2026, to: MOVEit Cadence Bank Data Breach, c/o Settlement Administrator, P.O. Box 25226, Santa Ana, CA 92799-9834.
For questions, contact Simpluris at [email protected] or (833) 647-9001.
Estimated time to complete: 5–15 minutes (depending on whether you are documenting losses).
Important Deadlines & Dates
| Milestone | Date |
| MOVEit Breach Occurred | May 28–31, 2023 |
| Cadence Bank Discovers Breach | June 1, 2023 |
| Data Analysis Confirms Exposure | August 16, 2023 |
| Breach Notification Sent to Customers | September 15, 2023 |
| Lawsuit Filed (Adams v. Cadence Bank) | December 2023 |
| Settlement Agreement Executed | December 15, 2025 |
| Preliminary Approval Granted | January 6, 2026 |
| Claims Period Opens | January 2026 |
| Opt-Out Deadline | TBD — check MOVEitCadenceSettlement.com |
| Objection Deadline | TBD — check MOVEitCadenceSettlement.com |
| Claim Filing Deadline | June 4, 2026 (online or postmarked) |
| Final Approval Hearing | TBD |
| Expected Payment Date | Approx. 90 days after final approval |
Frequently Asked Questions
Do I need a lawyer to file a claim?
No. Class counsel from Cohen Milstein Sellers & Toll PLLC and co-lead counsel from the MOVEit MDL represent all class members at no individual cost. You can file your claim directly at MOVEitCadenceSettlement.com without hiring your own attorney. If you want separate legal representation, you may do so at your own expense.
Is this settlement legitimate?
Yes. The case, Adams, et al. v. Cadence Bank, et al., Case No. 1:23-cv-13071, is part of the In re: MOVEit Customer Data Security Breach Litigation multidistrict litigation, MDL No. 1:23-md-03083-ADB, before Judge Allison D. Burroughs in the U.S. District Court for the District of Massachusetts. The settlement administrator is Simpluris — a recognized court-appointed administrator. Always use only the official website at MOVEitCadenceSettlement.com before submitting any personal information.
When will I receive my payment?
Payments and credit monitoring information will be issued to approved claimants approximately 90 days after the court grants final approval of the settlement. The final approval hearing date has not yet been publicly confirmed — monitor MOVEitCadenceSettlement.com for updates.
What if I missed the claim deadline?
The claim deadline is June 4, 2026. Missing that deadline disqualifies you from receiving any payment or credit monitoring from this settlement. Unless you opt out before the opt-out deadline, you will also release your right to sue Cadence Bank separately over the MOVEit breach claims.
Will this settlement payment affect my taxes?
Data breach settlement payments may be treated as taxable income by the IRS depending on the type of payment and your individual situation. The settlement administrator may issue a 1099 form for cash payments. Consult a qualified tax professional for advice specific to your circumstances, particularly for larger extraordinary loss reimbursements.
What is MOVEit and why did it affect so many people?
MOVEit Transfer is a file transfer application made by Progress Software that thousands of organizations use to move large amounts of sensitive data over the internet. In May 2023, the ransomware group Clop exploited a zero-day vulnerability in MOVEit to steal data from over 2,500 private and government entities, exposing an estimated 90 million individuals globally. Cadence Bank was one of hundreds of organizations whose customer data was stolen through this single vulnerability.
How does this settlement compare to other MOVEit settlements?
The Cadence Bank settlement mirrors the structure used across the broader MOVEit MDL. Similar settlements — such as the $8.5 million Nuance Communications settlement and the $9.95 million National Student Clearinghouse settlement — offer the same three-tier claim structure: extraordinary losses, ordinary losses, and a flat cash alternative. Cohen Milstein serves as one of five court-appointed co-lead counsel overseeing the entire MOVEit MDL, ensuring consistent settlement terms across the coordinated cases.
Can I file a claim if my information was exposed in other data breaches too?
Yes. Being a class member in this Cadence Bank settlement does not affect your eligibility to file claims in other unrelated data breach settlements. If you also received breach notifications from other companies, you may have separate claims to file — for example, the Lockton data breach settlement claims cover a separate November 2024 breach incident involving similar data types and an April 7, 2026 deadline. Likewise, if you are a Comcast customer, the Comcast data breach class action settlement is an entirely separate $117.5 million settlement with a claim deadline of August 14, 2026, that may also apply to you.
Sources & References
- Official Settlement Website (Simpluris): MOVEitCadenceSettlement.com
- Bloomberg Law — Preliminary Approval Granted (January 6, 2026): news.bloomberglaw.com
- Law360 — Cadence Bank Seeks 1st Nod for $5.25M Data Breach Deal (December 19, 2025): law360.com
- Maine Attorney General — Cadence Bank Breach Notice (2023): maineag.gov
Last Updated: March 11, 2026
Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah