$7.5M Thompson Coburn Data Breach Settlement, Were Your Medical Records Exposed? Claim Up to $5,000 or $150 Cash by July 23, 2026

Prepared by the AllAboutLawyer.com Editorial Team and reviewed for factual accuracy against the official settlement website TCDataSettlement.com, settlement FAQs, and HHS breach reporting records on May 15, 2026. Last Updated: May 15, 2026

Thompson Coburn Settlement is a healthcare data breach class action where eligible patients can receive up to $5,000 for documented losses or approximately $150 in pro rata cash — plus three years of free medical identity protection — by filing a claim before July 23, 2026. The lawsuit stems from a May 2024 cyberattack on Thompson Coburn LLP, a St. Louis-based law firm, that exposed the protected health information of more than 305,000 patients of Presbyterian Healthcare Services. The $7,500,000 settlement is pending final approval in the Circuit Court of the City of St. Louis, Missouri.

Thompson Coburn Data Breach Settlement — Quick Facts

Field	Detail
Settlement Amount	$7,500,000 total ($6,000,000 Common Fund + up to $1,500,000 Additional Benefits)
Claim Deadline	July 23, 2026
Who Qualifies	All U.S. persons sent a breach notice by Thompson Coburn LLP following the May 2024 data incident
Payout Per Person	Up to $5,000 with documented losses (Cash Payment A) OR approximately $150 pro rata with no proof needed (Cash Payment B) — choose one
Proof Required	Cash Payment A: Yes — bank statements, receipts, or invoices. Cash Payment B: No
Settlement Status	Preliminarily approved — final approval hearing August 27, 2026
Administrator	Simpluris
Official Website	TCDataSettlement.com
Last Updated	May 15, 2026

Current Status of the Thompson Coburn Settlement

• The settlement has received preliminary approval. Notices were mailed to class members on May 11, 2026.
• You must file a claim to receive a cash payment. Medical Data Monitoring is free and automatic for all class members — but you still need to activate it after final approval.
• The claim deadline is July 23, 2026 — file online or postmark your paper form by that date.
• The opt-out and objection deadline is August 7, 2026. Miss this date and you cannot pursue an independent lawsuit against Thompson Coburn over this breach.
• The final approval hearing is August 27, 2026 at 1:30 p.m. CT at the Circuit Court of the City of St. Louis, 10 N. Tucker Blvd., St. Louis, MO 63101.
• Payments will be issued after final approval and resolution of any appeals.

What Is the Thompson Coburn Lawsuit About? Salazar et al. v. Thompson Coburn LLP, Case No. 2622-CC00320

Thompson Coburn LLP is a full-service law firm headquartered in St. Louis, Missouri. The firm provided legal services to Presbyterian Healthcare Services — a major nonprofit health system based in New Mexico — on matters including government billing and repayment. That legal work required Presbyterian to share patient health information with the firm.

On May 29, 2024, Thompson Coburn became aware of suspicious activity within its network and launched an investigation with third-party forensic specialists. The investigation determined that certain files stored within its environment were viewed or taken by an unauthorized actor between May 28, 2024, and May 29, 2024.

Thompson Coburn informed the U.S. Department of Health and Human Services that 305,088 individuals were impacted by the incident. The data exposed was among the most sensitive a person can have. The information potentially compromised included patients’ names, dates of birth, medical record numbers, patient account numbers, prescription and treatment information, medical provider information, health insurance information, and Social Security numbers. Passport numbers and driver’s license information were also included for some individuals.

The lawsuit alleges Thompson Coburn failed to implement adequate cybersecurity protections to safeguard the patient data its legal work required it to store. The class action accused the firm and the health system of not being able to protect healthcare and personal information in the event of such a cyberattack. Thompson Coburn denies all wrongdoing. No court has decided who is right.

This breach fits a troubling pattern of cyberattacks targeting law firms and third-party service providers that hold healthcare data. If you were a Presbyterian Healthcare Services patient and received a breach notice letter from Thompson Coburn, your data was directly involved. For another recent healthcare data breach case handled by Simpluris, the same administrator managing this settlement, see the Esse Health $2.53M Data Breach Settlement — which also exposed patient Social Security numbers and health information in a 2025 cyberattack.

Related article: OpenAI Class Action Lawsuit, ChatGPT Allegedly Sent Your Private Queries to Meta and Google

Who Qualifies for the Thompson Coburn Settlement?

The class definition is specific and eligibility comes down to one factor: whether you received a breach notice.

You qualify if you:

• Are a U.S. resident who was sent a breach notification letter by Thompson Coburn LLP identifying you as potentially impacted by the May 2024 data incident
• Had any of the following information potentially exposed: name, date of birth, Social Security number, medical record number, patient account number, prescription or treatment details, clinical information, medical provider information, health insurance details, passport number, or driver’s license information

You do NOT qualify if you:

• Are a current or former member of Thompson Coburn’s management committee or general counsel
• Are the judge assigned to this case or an immediate family member or court staff member
• Timely and validly opt out of the settlement

If you received a breach notification letter from Thompson Coburn dated around November 2024, you are almost certainly a class member. If you are unsure, contact the administrator at (833) 386-6541 (24/7) or email [email protected].

This settlement is particularly significant for Presbyterian Healthcare patients across New Mexico. If you or a family member received care at a Presbyterian facility and were notified of this breach, this settlement is your path to compensation for the exposure of your most sensitive medical and personal information. For comparison, the Norton Healthcare $11M Data Breach Settlement — which also involved a major healthcare cyberattack — shows how courts have handled similar claims in the same period.

How Much Can You Get from the Thompson Coburn Settlement?

You choose between two cash payment options — you cannot claim both. Here is exactly what each one pays and what it requires.

Cash Payment A — Documented Losses (up to $5,000)

This is the higher-value option, but it requires proof. You can claim reimbursement for unreimbursed, out-of-pocket expenses you incurred between May 28, 2024 and July 23, 2026 that were caused by this data breach. Covered expenses include:

• Costs from identity theft or fraud directly tied to this breach
• Fees paid for credit reports, credit monitoring, or freezing and unfreezing your credit
• Costs to replace government-issued IDs (driver’s license, passport)
• Postage for mailing communications to financial institutions

You must submit third-party documentation — bank statements, receipts, invoices, or similar records. Personal notes or self-prepared logs alone are not sufficient. The amount paid per person may be subject to pro rata reduction depending on total valid claims and the cap on Additional Benefits.

Cash Payment B — Pro Rata Cash Payment (estimated ~$150, no proof required)

If you have no documented losses or prefer a simpler process, choose this option. Every class member who files a valid, timely claim for Cash Payment B receives an equal share of what remains in the $6,000,000 Common Settlement Fund after attorneys’ fees, service awards, and administration costs are paid. The estimate is approximately $150, but the final amount could be higher or lower depending on total claims filed.

Medical Data Monitoring — Free for All Class Members (no claim required)

All class members automatically receive three years of CyEx Medical Shield Total, which includes:

• $1,000,000 in medical identity theft insurance
• Monitoring for healthcare insurance ID exposure
• Monitoring for medical record number (MRN) exposure
• Monitoring for unauthorized Health Savings Account (HSA) spending

Enrollment codes were mailed with your breach notice. To activate, visit app.medicalshield.cyex.com/enrollment/activate/thompson — but only after the court grants final approval. You do not need to file a claim form to receive this benefit. If you lost your enrollment code, contact the administrator.

Step-by-Step: How to File Your Thompson Coburn Settlement Claim

Step 1 — Go to the official claim portal. Visit TCDataSettlement.com and click “Submit a Claim,” or go directly to tcdatasettlement.com/form/claim. This is the fastest way to file.

Step 2 — Enter your personal information. Provide your name, mailing address, email, and phone number. Have your Class Member ID from your notice ready if you received one.

Step 3 — Choose your cash payment option. Select either Cash Payment A (documented losses, up to $5,000) or Cash Payment B (pro rata, ~$150, no proof needed). You cannot select both.

Step 4 — Upload documentation if claiming Cash Payment A. Attach bank statements, receipts, credit card statements, invoices, or other third-party records showing breach-related expenses. Personal notes alone will not qualify your claim.

Step 5 — Select your payment method. Choose how you want to receive your money — options are listed during the online claim process.

Step 6 — Sign and submit. Certify your information is accurate and submit. If mailing a paper form, it must be postmarked by July 23, 2026.

Step 7 — Save your confirmation. Screenshot your confirmation or write down your confirmation number. You will need it to track your claim status.

Estimated time to complete: 5–10 minutes for Cash Payment B. Longer if gathering documentation for Cash Payment A.

Mail paper claims to: Thompson Coburn Data Incident Settlement, c/o Settlement Administrator, P.O. Box 25226, Santa Ana, CA 92799-9958

Important Dates — Thompson Coburn Settlement Deadlines

Milestone	Date
Data Breach Occurred	May 28–29, 2024
Thompson Coburn Discovered Breach	May 29, 2024
Breach Notification Letters Mailed	November 2024
Class Notices Mailed by Administrator	May 11, 2026
Claim Filing Deadline	July 23, 2026
Opt-Out Deadline	August 7, 2026
Objection Deadline	August 7, 2026
Final Approval Hearing	August 27, 2026 at 1:30 p.m. CT — Circuit Court of the City of St. Louis, MO
Expected Payment Date	TBD — after final approval and resolution of any appeals

Frequently Asked Questions — Thompson Coburn Settlement

Is there a class action settlement against Thompson Coburn for the 2024 data breach?

Yes. A settlement has been reached with Thompson Coburn LLP in a class action lawsuit about a targeted cyberattack on Thompson Coburn’s computer systems that occurred in May 2024. Certain files were accessed that may have contained personal information such as names, dates of birth, protected health information, Social Security numbers, and other sensitive data. The total settlement value is $7,500,000.

Do I need a lawyer to file a claim?

No. Class Counsel — Raina Borrelli of Strauss Borrelli PLLC, Norman E. Siegel of Stueve Siegel Hanson LLP, and Jeff Ostrow of Kopelowitz Ostrow P.A. — represent the entire class at no charge to you. Filing a claim takes 5–10 minutes online at TCDataSettlement.com. You only need your own attorney if you plan to opt out and pursue an independent lawsuit.

Is this settlement legitimate?

Yes. The case is Salazar et al. v. Thompson Coburn LLP, Case No. 2622-CC00320, pending in the Circuit Court of the City of St. Louis, Missouri. The administrator is Simpluris, a nationally recognized, court-appointed settlement administrator. The official website is TCDataSettlement.com. You can call the administrator toll-free at (833) 386-6541, available 24/7.

When will I receive my payment?

No specific payment date is set yet. The final approval hearing is August 27, 2026. Payments are distributed after the court approves the settlement and after any appeals are resolved. Settlement payments in cases like this typically go out several months after final approval.

What if I missed the claim deadline?

If you do not file by July 23, 2026, you will not receive a cash payment from this settlement. You will still receive Medical Data Monitoring if you activate your enrollment code. And unless you opt out by August 7, 2026, you will still be bound by the settlement’s release of claims against Thompson Coburn — meaning you give up your right to sue the firm over this breach.

Will this settlement payment affect my taxes?

Settlement payments for data breach cases can carry tax implications depending on the nature of the compensation and your individual tax situation. Payments for reimbursed out-of-pocket losses are generally treated differently than general damages. Consult a tax professional for guidance specific to your situation. AllAboutLawyer.com does not provide tax advice.

Can I claim both the documented loss payment and the pro rata cash payment?

No. Cash Payment A and Cash Payment B are mutually exclusive — you must choose one. If you have documented losses, Cash Payment A offers up to $5,000 and is generally the better choice if your expenses are verifiable. If you have no documentation, Cash Payment B gives you an estimated $150 with no proof required.

What does the Medical Data Monitoring cover — and how do I activate it?

Three years of CyEx Medical Shield Total comes with $1,000,000 in medical identity theft insurance and monitors your healthcare insurance ID, medical record number, and HSA account for suspicious activity. To activate, visit app.medicalshield.cyex.com/enrollment/activate/thompson using the enrollment code mailed with your notice. Activation is only possible after the court grants final approval. If you lost your code, call (833) 386-6541.

Sources & References

• Official Settlement Website: TCDataSettlement.com
• Official FAQs: TCDataSettlement.com/faq
• Key Dates: TCDataSettlement.com/dates
• Court Docket: Salazar et al. v. Thompson Coburn LLP, Case No. 2622-CC00320, Circuit Court of the City of St. Louis, Missouri
• HHS Breach Report: Thompson Coburn LLP, 305,088 individuals affected, reported November 2024
• Security reporting: SecurityWeek, HIPAA Journal — November 2024

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.