A Ransomware Gang Stole Your SSN From Your Employer’s Payroll Company Complete Payroll Solutions Is Now Paying $2.6 Million

Complete Payroll Solutions, LLC agreed to pay $2,600,000 to settle a class action lawsuit stemming from a March 2024 ransomware attack that exposed employees’ names, Social Security numbers, driver’s license numbers, financial information, and health insurance data. Anyone who received a breach notice from CPS may claim an estimated $100 cash payment, up to $5,000 for documented out-of-pocket losses, and three years of free credit monitoring. The claim deadline is June 18, 2026.

Quick Facts

Field	Detail
Settlement Amount	$2,600,000
Claim Deadline	June 18, 2026
Who Qualifies	Anyone who received a CPS breach notice or was identified as having their data impacted in the March 10, 2024 incident
Cash Payment (No Proof)	Estimated $100 pro rata
Out-of-Pocket Losses (With Proof)	Up to $5,000
Credit Monitoring	3 years — 1-bureau monitoring, $1M identity theft insurance, dark web monitoring
Proof Required	No for cash payment; Yes for loss reimbursement
Settlement Status	Proposed — Fairness Hearing June 25, 2026
Administrator	Kroll Settlement Administration LLC
Official Website	CPSSettlement.com

Current Status & What Happens Next

• The settlement is proposed and awaiting final court approval. The Court is scheduled to hold a Final Fairness Hearing on June 25, 2026, at 2:00 p.m. ET at the United States District Court for the District of Massachusetts, 1 Courthouse Way, Suite 2300, Boston, Massachusetts.
• The deadline to opt out or object is May 19, 2026. The claim filing deadline is June 18, 2026 — one week before the hearing.
• Settlement Class Member benefits will be distributed as soon as possible if and when the Court grants final approval and after any appeals are resolved.

Your Employer Trusted CPS With Your Most Sensitive Data. A Ransomware Gang Got to It First.

Complete Payroll Solutions is a Springfield, Massachusetts-based human capital management company that handles payroll, HR, and benefits administration for more than 10,000 business clients. CPS employs more than 175 people and serves businesses that rely on it to process sensitive employee information. The data CPS holds is not ordinary — it includes the exact information identity thieves need most: Social Security numbers, financial account details, and health insurance records belonging not to CPS directly, but to the employees of every business that uses CPS to run payroll.

On February 21 and March 10, 2024, Complete Payroll Solutions experienced a ransomware attack by a group known as MEOW, which claimed responsibility on the dark web and stated it had accessed approximately 3 gigabytes of sensitive company data. The group published details of the breach on the Tor network, increasing the risk that stolen data could be misused, sold, or published publicly. CPS launched an internal investigation after detecting the intrusion, but did not begin notifying impacted individuals until February 25, 2025 — nearly a full year after the breach occurred — with notices continuing through April 25, 2025.

The lawsuit, filed as Dunn, et al. v. Complete Payroll Solutions, LLC, Case No. 1:25-CV-30045-LTS in the U.S. District Court for the District of Massachusetts, alleged that CPS is liable for negligence, breach of implied contract, invasion of privacy, and unjust enrichment. Seven class representatives brought the case on behalf of everyone whose data was exposed. CPS denies all wrongdoing but agreed to settle to avoid the costs and uncertainty of continued litigation.

You Got a Notice in the Mail From CPS — That Letter Makes You a Class Member

The class in this case is closed and defined by who received direct notification from CPS.

• You may qualify if you were sent a notice from Complete Payroll Solutions regarding potential impact from the data incident discovered on or around March 10, 2024.
• You may qualify if you were otherwise identified as having your personal information potentially impacted by the incident — even if a direct notice did not reach you due to an outdated address.
• You will not qualify if you are CPS itself, any entity in which CPS holds a controlling interest, CPS officers or directors, or any judge presiding over this matter.

If you believe you were an employee of a CPS client business during 2024 and may have had your data exposed, but you did not receive a notice, you may contact the Claims Administrator by phone at (833) 447-9925 to verify whether you appear in the affected records before the June 18, 2026 deadline.

Related article: Investors Who Bought Hawaiian Electric HEI Stock During Maui Wildfire Crisis May Now Claim Part of $47.75 Million Settlement

Three Ways to Get Compensated — Pick the One That Fits Your Situation

This settlement gives you meaningful choices depending on how much the breach actually cost you.

Option 1 — Estimated $100 Cash Payment (No Documentation Required)

Settlement Class Members can submit a claim for a pro rata cash payment, estimated to be $100. Settlement Class Members will not need to supply any documentary proof to select this option. The final amount adjusts up or down depending on total valid claims filed after fees, expenses, and documented loss reimbursements are paid out first.

Option 2 — Up to $5,000 Reimbursement for Documented Losses (Proof Required)

Settlement Class Members may choose to receive up to $5,000 for unreimbursed losses and expenses attributable to the Data Incident. Covered losses include out-of-pocket credit monitoring costs incurred from March 10, 2024, through June 18, 2026; unreimbursed losses from actual fraud or identity theft; and unreimbursed bank fees, long-distance phone charges, postage, or mileage. Reasonable documentation — such as credit card statements, phone bills, or identity theft monitoring receipts — must support the claim. Settlement Class Members cannot be reimbursed for expenses already reimbursed by another source.

Option 3 — Three Years of Free Credit Monitoring (No Documentation Required)

Settlement Class Members who choose to receive credit monitoring will receive a code to enroll in a program that provides three years of one-bureau credit monitoring, dark web monitoring, identity theft insurance coverage for up to $1,000,000, and fully managed identity recovery services.

You can claim any combination of these three benefits — cash, documented losses, and credit monitoring — in a single claim form submission.

How to File Your Claim Before June 18, 2026

Step 1 — Go to the official settlement website: CPSSettlement.com

Step 2 — Click “Submit an Online Claim” to file electronically by 11:59 p.m. ET on June 18, 2026, or download and print the claim form to mail.

Step 3 — Enter your personal information and confirm you are a class member — your breach notice letter or notification from CPS serves as your documentation of membership.

Step 4 — Select the benefits you want: the $100 pro rata cash payment, documented monetary loss reimbursement (up to $5,000), and/or three years of credit monitoring. You may select all three.

Step 5 — If claiming documented losses, attach supporting documentation: credit card statements, bank records, identity theft monitoring receipts, or phone bills showing expenses tied to the breach.

Step 6 — Submit your claim online or mail to: Dunn, et al. v. Complete Payroll Solutions, LLC, c/o Kroll Settlement Administration LLC, ATTN: Claims, P.O. Box 5324, New York, NY 10150-5324.

Step 7 — Save your confirmation. The administrator will contact you with enrollment instructions if you selected credit monitoring.

Phone: (833) 447-9925

Estimated time to complete: 5–10 minutes without documentation; longer if gathering loss records.

Key Dates

Milestone	Date
Ransomware Attack Discovered	March 10, 2024
First Breach Notices Sent	February 25, 2025
Final Breach Notices Sent	April 25, 2025
Lawsuit Filed	2025 (Case No. 1:25-CV-30045-LTS)
Claims Period Opens	Already open
Opt-Out Deadline	May 19, 2026
Objection Deadline	May 19, 2026
Claim Filing Deadline	June 18, 2026
Final Fairness Hearing	June 25, 2026 at 2:00 p.m. ET
Expected Payment Date	TBD — after final approval and appeals

Frequently Asked Questions

I got the breach notice but I haven’t seen any fraud on my accounts. Should I still file?

 Yes. The $100 cash payment requires no proof of harm — you simply need to be a class member. Filing costs you nothing and takes under ten minutes. If you later discover identity theft tied to this breach, the three-year credit monitoring benefit provides up to $1,000,000 in identity theft insurance and fully managed recovery services, which could be far more valuable than the cash alone.

What data was actually stolen in this breach?

 The investigation determined the breach potentially impacted names, addresses, Social Security numbers, driver’s license numbers, financial information, and health insurance information. Because CPS handles payroll and HR for thousands of businesses, the exposed records likely belonged to employees across many industries and states — not just CPS’s own staff.

Why did CPS wait almost a year to notify people about a 2024 breach? 

CPS sent notices beginning February 25, 2025 and continuing through April 25, 2025 — roughly 11 to 13 months after the March 10, 2024 incident. The lawsuit does not specify why notification was delayed, but the delay itself was cited as part of the harm to class members who could not take protective action during the intervening period.

Can I claim both the $100 cash payment and the up to $5,000 for documented losses?

 Yes. Settlement Class Members who make a claim for documented monetary losses can also choose to receive a pro rata cash payment and three years of credit monitoring. All three benefits are stackable in a single claim form.

Do I need a lawyer to file?

 No. The claim form at CPSSettlement.com is straightforward. The Court appointed Danielle L. Perry of Mason LLP, Carl V. Malmstrom of Wolf Haldenstein Adler Freeman & Herz LLC, and David K. Lietz of Milberg PLLC as Class Counsel to represent you. They are paid from the settlement fund — not by you directly.

Is this settlement legitimate? 

Yes. The case — Dunn, et al. v. Complete Payroll Solutions, LLC, Case No. 1:25-CV-30045-LTS — is pending before Judge Leo T. Sorokin in the U.S. District Court for the District of Massachusetts. Kroll Settlement Administration LLC, one of the largest and most established administrators in the country, manages claims. Use only the official website at CPSSettlement.com.

When will I receive my payment? 

The Court is scheduled to hold a Final Fairness Hearing on June 25, 2026. Settlement Class Member benefits will be distributed as soon as possible after the Court grants final approval and any appeals are resolved. Expect a wait of several months after the hearing.

What if I miss the June 18 filing deadline?

 Missing the deadline means you receive no benefits from this settlement — no cash, no loss reimbursement, and no credit monitoring enrollment code. You also remain bound by the settlement’s release of claims against CPS, meaning you cannot separately sue the company for the same data breach.

Sources & References

1. Official Settlement Website (Kroll Settlement Administration): CPSSettlement.com
2. Official FAQ Page: CPSSettlement.com/faq
3. PACER Docket — Case No. 1:25-CV-30045-LTS, D. Mass.: pacer.uscourts.gov

Last Updated: March 24, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.