Generational Equity Lawsuit, M&A Firm Pays $275K After Hackers Steal 2,200 Clients’ Social Security Numbers—But Waited 8 Months to Tell Them

ByAll About Lawyer Reading Time: 10 minutes

The Generational Equity lawsuit centers on a February 2023 data breach where cybercriminals stole sensitive information from over 2,200 clients, employees, and partners of the Texas-based M&A advisory firm. The breach exposed Social Security numbers, driver’s license details, credit card information, and financial records—yet Generational Equity didn’t notify victims until October 2023, eight months later. The delay sparked a class action lawsuit that settled for $275,000 in 2024, with individual victims eligible for up to $3,500 in compensation.

What Generational Equity Does—And Why the Data Breach Mattered

Generational Equity LLC isn’t your typical business. Founded in 2004 and headquartered in Richardson, Texas, this mergers and acquisitions advisory firm helps middle-market business owners sell their companies, merge with others, or find investors.

With over 200 professionals across 15 offices nationwide, they’ve completed more than 1,700 transactions worth over $9 billion. They’ve assisted approximately 115,000 business owners in planning strategic exits.

Here’s the critical part: M&A advisory firms handle incredibly sensitive data—business valuations, financial statements, tax records, client identity documents, and confidential deal information. When cybercriminals breach this data, the consequences cascade far beyond simple identity theft.

Business owners using these services trust the firm with information that could destroy their companies if exposed to competitors or used fraudulently.

The February 2023 Cyberattack: What Hackers Stole

Between February 15-16, 2023, cybercriminals bypassed Generational Equity’s cybersecurity defenses and accessed what the company later described as “personally identifiable information.”

Data Compromised in the Breach:

  • Full names and contact information
  • Social Security numbers
  • Driver’s license numbers
  • Credit card details and financial account information
  • Sensitive business financial records
  • Other identifying details that could enable identity theft

This wasn’t a minor security incident. The FBI was involved in the investigation, and over 2,200 individuals had their most sensitive information exposed to criminals.

With this data, scammers could open fraudulent credit accounts, file fake tax returns, drain bank accounts, take out loans in victims’ names, or sell the information on dark web marketplaces.

The Eight-Month Notification Delay That Fueled the Lawsuit

Generational Equity discovered the breach on February 16, 2023—the day after it occurred.

Yet the company didn’t begin notifying affected individuals until October 5, 2023—nearly eight months later.

Why does this delay matter legally? Most state data breach notification laws require “reasonable” or “prompt” notification, typically within 30-90 days. Eight months far exceeds these standards.

Why Delays Are Dangerous:

  • Victims can’t monitor their credit or take protective action
  • Fraudulent activity may go undetected for months
  • Evidence of unauthorized access becomes harder to trace
  • Trust between company and clients erodes completely

This notification delay became a central allegation in the lawsuit—that Generational Equity’s failure to promptly warn victims exacerbated the harm.

Generational Equity Lawsuit, M&A Firm Pays $275K After Hackers Steal 2,200 Clients' Social Security Numbers—But Waited 8 Months to Tell Them

Linda Glass Files the Class Action Lawsuit

On December 25, 2023, Linda Glass, a former Generational Equity employee whose data was compromised, filed a class action lawsuit in Dallas County’s 298th Judicial District Court.

The case, officially titled Glass v. Generational Equity LLC, et al. (Case No. DC-23-20315), alleged multiple failures:

Negligence Claims:

  • Failed to implement reasonable cybersecurity measures
  • Didn’t adequately protect sensitive consumer information
  • Lacked proper threat detection systems
  • Used outdated security protocols

Breach of Duty:

  • Owed clients a duty to safeguard their personal information
  • Breached that duty through inadequate security
  • The breach directly caused financial and emotional harm to victims

Delayed Notification:

  • Waited eight months to inform victims of the breach
  • Prevented victims from taking timely protective measures
  • Violated reasonable notification standards

Before filing, Glass’s attorneys conducted extensive pre-suit investigation, interviewing affected individuals and researching Generational Equity’s security practices and promises made to clients about data protection.

The Legal Standards: When Companies Are Liable for Data Breaches

Data breach lawsuits hinge on several legal theories that establish when companies must compensate victims.

Negligence in Data Security: Companies that collect and store personal information have a duty to implement reasonable security measures. What’s “reasonable” depends on:

  • The sensitivity of data collected
  • Industry standards and best practices
  • The company’s resources and sophistication
  • Foreseeable risks and known vulnerabilities

Breach of Contract: If privacy policies or service agreements promise specific security measures, failing to implement them may breach the contract.

State Data Breach Notification Laws: All 50 states have laws requiring timely notification. Violations can create independent causes of action.

Consumer Protection Laws: Many states have consumer protection statutes prohibiting deceptive trade practices, including misrepresenting security measures.

The Generational Equity case primarily focused on negligence and failure to implement adequate cybersecurity despite handling highly sensitive M&A client information.

The Defense: Generational Equity’s Response

On April 23, 2024, Generational Equity filed a General Denial pursuant to Texas Rule of Civil Procedure 92, generally denying every cause of action asserted by plaintiff Linda Glass.

A general denial doesn’t address specific allegations—it simply puts plaintiffs to their proof, forcing them to prove every element of their claims.

However, shortly after filing their denial, the parties agreed to explore early resolution and work cooperatively toward settlement.

Why Generational Equity Likely Settled:

  • Avoiding costly, prolonged litigation
  • Preventing damaging testimony about security failures
  • Protecting company reputation in the competitive M&A market
  • Minimizing negative publicity affecting client relationships
  • Uncertainty about jury sympathy and potential verdict amounts

The company never admitted wrongdoing or liability. The settlement resolved claims without any determination of fault.

The $275,000 Settlement: Who Gets What

On June 21, 2024, the parties reached a settlement agreement. On August 5, 2024, the Dallas County court preliminarily approved the settlement, with a final approval hearing held December 6, 2024.

Settlement Class Definition: All individuals identified by Generational Equity as being among those impacted by the February 2023 data incident.

The settlement provided multiple compensation tiers:

Credit Monitoring (Priority):

  • Two years of free credit monitoring and identity theft protection
  • $1 million insurance coverage for identity theft-related losses
  • Available to all class members automatically

Ordinary Losses (Up to $300):

  • Bank fees and overdraft charges
  • Credit monitoring costs incurred before settlement
  • Phone bills and communication charges related to breach
  • Requires documentation: receipts, bank statements, invoices

Lost Time Compensation (Up to $75):

  • $25 per hour for up to 3 hours of time spent addressing the breach
  • Documentation required: detailed time log

Extraordinary Losses (Up to $3,500):

  • Unreimbursed fraudulent charges or transactions
  • Identity theft damages not covered by insurance
  • Other documented monetary losses from data misuse
  • Requires extensive documentation: police reports, credit reports, bank statements

Important Limitation: If total claims exceeded $275,000, credit monitoring took priority, and other claims would be prorated proportionally.

Generational Equity Lawsuit, M&A Firm Pays $275K After Hackers Steal 2,200 Clients' Social Security Numbers—But Waited 8 Months to Tell Them

The Settlement Response: Zero Objections, Zero Opt-Outs

The settlement class included 2,324 potential members. The court required notice to all affected individuals and provided opportunities to object or opt out.

The response was remarkable:

  • Zero (0) individuals timely requested exclusion from the settlement
  • Zero (0) individuals submitted objections to the settlement terms

This overwhelmingly positive response strongly supported final approval. When no class members object, courts typically view it as evidence the settlement fairly compensates victims.

How to File a Claim: Process and Deadlines

The settlement established specific deadlines for class members:

November 3, 2024: Deadline to opt out or object to settlement terms

December 3, 2024: Final deadline to submit claim forms

December 6, 2024: Final approval hearing

Claims Process:

  1. Visit GenerationalEquitySettlement.com or request forms by mail
  2. Complete claim form detailing losses
  3. Attach supporting documentation for each claim type
  4. Submit electronically or mail to Settlement Administrator (Angeion Group)

Required Documentation Examples:

  • Bank statements showing unauthorized charges
  • Credit reports showing fraudulent accounts
  • Police reports for identity theft
  • Receipts for credit monitoring services purchased
  • Invoices for services related to addressing the breach

Without proper documentation, claims could be denied or reduced.

What Happens If You Missed the Deadline?

The December 3, 2024 claim deadline has passed. If you were affected but didn’t file a claim, you have limited options:

Individual Lawsuit: You can still pursue individual legal action if you can prove direct harm from the breach. However, this requires:

  • Hiring your own attorney (likely expensive)
  • Proving specific damages linked to the breach
  • Overcoming statutes of limitations (typically 2-4 years for negligence)

Future Legal Actions: If additional security failures emerge or the company faces new breaches, new lawsuits might arise.

Credit Monitoring: Even without filing claims, you should monitor your credit reports for suspicious activity for years after any breach.

Broader Implications: What This Case Means for M&A Firms

The Generational Equity lawsuit signals growing legal liability for professional services firms that handle sensitive client data.

Industry-Wide Changes:

  • Enhanced cybersecurity frameworks becoming standard
  • Shorter notification timelines (30-60 days maximum)
  • More comprehensive cyber liability insurance
  • Third-party security audits and penetration testing
  • Encryption requirements for data at rest and in transit

For Business Owners: Before hiring M&A advisors, ask about:

  • Their cybersecurity certifications (SOC 2, ISO 27001)
  • Data breach notification policies
  • Cyber liability insurance coverage
  • Recent security audits
  • Incident response plans

For Employees: The fact that Linda Glass was a former employee whose data was compromised highlights that companies owe data protection duties not just to clients but to their own workforce.

Comparing to Other Data Breach Settlements

How does the Generational Equity settlement compare to other recent data breach cases?

Similar Cases:

  • Neiman Marcus: $3.5 million settlement for data breach
  • HCA Healthcare: Settlements up to $5,000 per affected individual
  • T-Mobile (multiple breaches): $350 million settlement fund

The Generational Equity settlement is relatively modest at $275,000 for over 2,200 affected individuals—averaging about $118 per person if everyone filed maximum claims.

This lower amount likely reflects:

  • Smaller company with fewer resources
  • Fewer documented instances of actual identity theft
  • Early settlement before extensive discovery
  • Uncertainty about proving direct causation

The Cybersecurity Lesson: Prevention vs. Settlement Costs

Generational Equity’s $275,000 settlement raises an important question: Would investing in better cybersecurity upfront have been cheaper?

Typical Costs of Robust Cybersecurity:

  • Enterprise-grade firewalls and intrusion detection: $50,000-$150,000 annually
  • Security information and event management (SIEM): $100,000-$300,000 setup
  • Regular penetration testing: $15,000-$50,000 per test
  • Security training for employees: $10,000-$30,000 annually
  • Cyber liability insurance: $25,000-$100,000 annually

Total Annual Investment: Approximately $200,000-$630,000

Compare this to breach costs:

  • Settlement: $275,000
  • Legal fees: Likely $100,000+
  • Reputation damage: Immeasurable
  • Lost clients: Potentially millions in future revenue
  • Regulatory fines: Possible additional penalties

The math is clear—prevention costs less than breach response.

Protecting Yourself: What to Do If You’re a Victim

If you were affected by the Generational Equity breach or any data breach, take these steps:

Immediate Actions:

  1. Freeze your credit with all three bureaus (Equifax, Experian, TransUnion)
  2. Set up fraud alerts on your accounts
  3. Change passwords for financial accounts
  4. Enable two-factor authentication everywhere possible

Ongoing Monitoring:

  1. Review credit reports quarterly (free at AnnualCreditReport.com)
  2. Monitor bank and credit card statements weekly
  3. Watch for suspicious calls, emails, or mail
  4. File tax returns early to prevent refund fraud

If You Detect Fraud:

  1. Report to Federal Trade Commission at IdentityTheft.gov
  2. File police report with local authorities
  3. Notify creditors and financial institutions immediately
  4. Document everything for potential legal claims

Frequently Asked Questions

What is the Generational Equity lawsuit about?

The Generational Equity lawsuit is a class action case filed after a February 2023 data breach exposed sensitive information of over 2,200 clients and employees. The lawsuit (Glass v. Generational Equity LLC, Case No. DC-23-20315) alleged the M&A firm failed to implement adequate cybersecurity measures and delayed notifying victims for eight months. It settled for $275,000 in 2024.

Who filed the Generational Equity lawsuit?

Linda Glass, a former Generational Equity employee whose personal data was compromised in the breach, filed the class action lawsuit on December 25, 2023, in Dallas County’s 298th Judicial District Court. She represented all affected individuals whose information was exposed in the February 2023 cyberattack.

How much can victims receive from the settlement?

Victims could receive up to $3,500 in documented extraordinary losses (identity theft, fraudulent charges), up to $300 for ordinary losses (bank fees, credit monitoring), and up to $75 for lost time ($25/hour for 3 hours). All class members receive two years of free credit monitoring and identity theft protection with $1 million insurance coverage.

Can I still file a claim in the Generational Equity lawsuit?

No. The claim deadline was December 3, 2024, and has passed. However, you may still pursue an individual lawsuit if you can prove direct harm from the breach. Consult a data privacy attorney or consumer protection lawyer about your options.

What information was stolen in the Generational Equity data breach?

The February 2023 breach exposed names, Social Security numbers, driver’s license numbers, credit card details, financial account information, and sensitive business records. Cybercriminals gained unauthorized access to Generational Equity’s systems on February 15-16, 2023, compromising data of 2,200+ individuals.

Did Generational Equity admit fault in the lawsuit?

No. Generational Equity settled the case without admitting any wrongdoing or liability. The company filed a general denial of all allegations in April 2024, then agreed to settle for $275,000 in June 2024. Settlement doesn’t constitute an admission of fault under legal standards.

Why did Generational Equity wait 8 months to notify victims?

Generational Equity discovered the breach on February 16, 2023, but didn’t begin notifying affected individuals until October 5, 2023. The company hasn’t publicly explained the delay, but this timeline became a key allegation in the lawsuit, as most state laws require notification within 30-90 days of breach discovery.

Key Takeaways

The Generational Equity lawsuit demonstrates that no company—regardless of reputation or industry—is immune from data breach liability. M&A advisory firms, which handle extraordinarily sensitive business and personal information, face heightened scrutiny when their security measures fail.

For affected individuals, the case shows that legal remedies exist, even when damages are hard to quantify. Class action lawsuits can force companies to compensate victims and improve security practices.

For businesses, it’s a stark reminder: invest in cybersecurity now, or pay far more later through settlements, legal fees, reputation damage, and lost clients. The $275,000 settlement represents only part of Generational Equity’s total breach costs—the reputational impact may cost millions more in lost business.

Legal Disclaimer: This article is for educational and informational purposes only and does not constitute legal advice. The information provided is based on publicly available court documents, settlement agreements, and news reports. If you were affected by the Generational Equity data breach or face similar issues, consult with a qualified data privacy attorney or consumer protection lawyer in your jurisdiction. The settlement resolved this case without any court determination of liability or fault.

Need Legal Help? If you’ve experienced a data breach or identity theft, consult an experienced consumer protection attorney who specializes in cybersecurity cases.

For information on related legal matters, see our guides on identity theft lawyer costs and employment contract reviews.

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *