WebTPA Data Breach Settlement Approved – $13.75 Million Available to 2.4 Million Victims

ByAll About Lawyer Reading Time: 12 minutes

If you received a WebTPA data breach notification, you could be entitled to significant compensation from a recently approved $13.75 million class action settlement. WebTPA Employment Services LLC agreed to pay $13.75 million to settle a data-breach lawsuit alleging it failed to protect the personal information of nearly three million people, under a deal given initial approval in federal court.

The settlement addresses one of 2024’s most significant healthcare data breaches, affecting over 2.4 million individuals whose sensitive personal and health information was compromised in a cyberattack that occurred between April 18-23, 2023.

Table of Contents

What Happened: The WebTPA Data Breach Timeline

The Initial Cyberattack (April 2023)

The initial data breach investigation determined that an unauthorized actor may have obtained personal information between April 18 and April 23, 2023. WebTPA Employer Services, a Texas-based health plan administrator, discovered that hackers had infiltrated their systems containing protected health information.

Discovery and Disclosure (December 2023)

The data breach was discovered by WebTPA Employer Services in December 2023, nearly eight months after the initial intrusion. This significant delay in detection became a central issue in the subsequent lawsuits.

Mass Notification (2024)

WebTPA confirmed that hackers had access to systems containing the protected health information of more than 2.4 million health plan members. Affected individuals began receiving breach notification letters throughout 2024.

🚨 URGENT: Settlement Deadlines You Cannot Miss

Critical Dates for WebTPA Settlement Claims:

November 4, 2025 – FINAL CLAIM DEADLINE You must submit your Claim Form online on or before November 4, 2025, or mail your completed paper Claim Form so that it is postmarked on or before November 4, 2025

October 20, 2025 – Opt-Out Deadline You must mail your completed opt-out request so that it is postmarked on or before October 20, 2025

Settlement Website: webtpasettlement.com

WebTPA Data Breach Settlement Approved - $13.75 Million Available to 2.4 Million Victims

Who’s Affected: Major Insurance Companies and Millions of Members

Affected insurance companies include The Hartford, Transamerica, and Gerber Life Insurance. The breach impacted individuals who were:

  • Current or former policyholders of affected insurance companies
  • Beneficiaries of health insurance plans administered by WebTPA
  • Dependents listed on affected health insurance policies
  • Anyone who received a WebTPA data breach notification letter

Compromised Personal Information Includes:

  • Full names and addresses
  • Social Security numbers
  • Dates of birth
  • Health insurance plan information
  • Medical claim details
  • Protected health information (PHI) under HIPAA

At least 7 class action lawsuits have already been filed against WebTPA over the data breach. The litigation centered on several key legal arguments:

1. Negligence and Inadequate Security Measures The lawsuits allege WebTPA was negligent by failing to implement reasonable and appropriate data security measures to protect sensitive personal and health information.

2. HIPAA Violations The plaintiffs alleged that WebTPA breached its duties under common law and HIPAA to protect their sensitive information and violated HIPAA by delaying notification to affected individuals.

3. Breach of Fiduciary Duty Plaintiffs argued WebTPA had a legal obligation to safeguard their personal information and failed in that duty.

Named Plaintiffs in the Litigation:

David Harrell, Belinda Gullette, Heavenle Wood, Jesus Rivera, Ronnye Hawkins, Cory France were among the individuals who initiated the class action lawsuits.

Settlement Benefits: How Much Can You Recover?

The $13.75 million settlement fund provides multiple types of compensation for affected individuals:

Cash Compensation Categories:

Ordinary Damages:

  • Compensation for time spent addressing the breach
  • Reimbursement for credit monitoring costs
  • Payment for identity protection services

Out-of-Pocket Losses:

  • Documented financial losses directly related to the breach
  • Identity theft remediation expenses
  • Credit report fees and related costs

Extraordinary Damages:

  • Significant financial losses requiring additional documentation
  • Major identity theft incidents with substantial impact

Additional Settlement Benefits:

  • Credit Monitoring Services: Free credit monitoring for eligible class members
  • Identity Protection: Enhanced identity theft protection services
  • Business Practice Changes: WebTPA must implement improved security measures

Real-Life Impact: Case Study of Data Breach Consequences

A similar healthcare data breach case demonstrates the serious consequences victims face. In the 2023 Fortra data breach affecting multiple healthcare organizations, victims reported:

  • Average of 12 hours spent resolving identity-related issues
  • $1,200 in average out-of-pocket expenses for credit monitoring and identity protection
  • Long-term anxiety about ongoing identity theft risks
  • Difficulty obtaining new credit due to fraud alerts

These real-world impacts underscore why the WebTPA settlement provides crucial compensation for affected individuals.

Significance of the $13.75 Million Award

The settlement amount reflects several important legal precedents:

  1. Scale of Impact: With 2.4+ million affected individuals, the per-person compensation demonstrates courts’ recognition of data breach harm
  2. HIPAA Enforcement: Healthcare data breaches face heightened scrutiny under federal privacy laws
  3. Delayed Notification Penalties: The 8-month delay between breach occurrence and discovery likely increased settlement value

Precedent for Future Healthcare Breaches

This settlement establishes important benchmarks:

  • Healthcare entities face significant financial liability for inadequate security
  • Delayed breach notification increases legal exposure
  • Courts recognize compensable harm even without immediate financial losses

How to File Your WebTPA Settlement Claim: Step-by-Step Guide

Step 1: Verify Your Eligibility

  • Check if you received a WebTPA breach notification letter
  • Confirm you were covered by an affected insurance plan during the relevant period
  • Gather documentation of any losses or expenses

Step 2: Access the Settlement Website

  • Visit webtpasettlement.com (official settlement site)
  • Review the complete settlement terms and class notice
  • Download claim forms if filing by mail

Step 3: Complete Your Claim Form

  • Provide required personal information
  • Document any out-of-pocket expenses related to the breach
  • Submit supporting documentation for claimed losses

Step 4: Submit Before Deadline

  • Online submission: Complete by November 4, 2025, 11:59 PM
  • Mail submission: Postmarked by November 4, 2025
  • Keep confirmation of your submission

FAQ: WebTPA Data Breach Class Action Settlement

Q: How do I know if I’m affected by the WebTPA data breach?

A: If you received a data breach notification letter from WebTPA or were covered by health insurance administered by WebTPA between 2023-2024, you’re likely affected. The class covers all United States residents whose personally identifiable information was compromised in the data breach, including all those who received notice of the breach.

Q: What’s the deadline to file a claim in the WebTPA settlement?

A: You must submit your Claim Form online on or before November 4, 2025, or mail your completed paper Claim Form so that it is postmarked on or before November 4, 2025.

Q: How much money can I expect to receive from the settlement?

A: Compensation amounts depend on your specific circumstances and documented losses. The $13.75 million fund will be distributed among eligible class members based on their individual claims for time, expenses, and losses related to the breach.

Q: Do I need to prove financial losses to receive compensation?

A: No. The settlement includes compensation for time spent addressing the breach, even without documented financial losses. However, documented out-of-pocket expenses may qualify for additional compensation.

Q: What if I want to sue WebTPA separately instead of joining the settlement?

A: You must mail your completed opt-out request so that it is postmarked on or before October 20, 2025 if you want to preserve your right to sue independently.

Q: Which insurance companies were affected by the WebTPA breach?

A: Affected insurance companies include The Hartford, Transamerica, and Gerber Life Insurance, among others that used WebTPA’s administrative services.

Q: How long did it take WebTPA to discover and report the breach?

A: The breach occurred in April 2023, but was not discovered by WebTPA Employer Services until December 2023, representing an 8-month delay that became a key issue in the litigation.

Q: What security improvements is WebTPA required to implement?

A: As part of the settlement, WebTPA must implement enhanced cybersecurity measures, though specific details of required improvements are outlined in the settlement documentation available at webtpasettlement.com.

🚨 Additional People Also Ask Questions (Real Search Data)

COMPANY & BUSINESS QUESTIONS

Q: What exactly does WebTPA do?

A: WebTPA provides health care administration solutions for health systems, self-funded employers and insurance carriers. As a third-party administrator (TPA), WebTPA processes health insurance claims, manages benefits, and handles administrative services for employer health plans and insurance companies.

Q: Is WebTPA the same as other TPA companies that have had breaches?

A: No, WebTPA Employer Services is a specific company based in Irving, Texas. While other third-party administrators have experienced breaches, this settlement specifically covers only the WebTPA breach that occurred in April 2023.

Q: How do I contact WebTPA about my benefits or the data breach?

A: WebTPA can be contacted at 800-981-7405 to verify coverage or with any questions. For settlement-specific questions, use the contact information provided at webtpasettlement.com rather than general customer service lines.

TECHNICAL & SECURITY QUESTIONS

Q: What type of hacking method was used against WebTPA?

A: WebTPA has not disclosed the specific attack vector used in the April 2023 breach. The company only confirmed that a cybersecurity incident occurred between April 18, 2023, and April 23, 2023 that resulted in unauthorized access to systems containing protected health information.

Q: Has WebTPA been hacked before this incident?

A: Based on available public records, this April 2023 incident appears to be WebTPA’s first major reported data breach affecting millions of individuals. However, many smaller security incidents may not be publicly disclosed.

Q: What cybersecurity improvements has WebTPA made since the breach?

A: While the settlement requires enhanced security measures, WebTPA has not publicly detailed specific improvements. The company likely implemented standard post-breach security enhancements including improved monitoring, access controls, and employee training.

FINANCIAL & COMPENSATION QUESTIONS

Q: Why is the WebTPA settlement “only” $13.75 million for 2.4 million people?

A: Settlement amounts in data breach cases depend on factors including:

  • Difficulty proving individual damages
  • Company’s ability to pay
  • Strength of legal claims
  • Costs of continued litigation
  • Comparable settlements in similar cases

The $13.75 million represents a negotiated resolution that provides guaranteed compensation versus uncertain outcomes in trial.

Q: Are there any upfront costs to join the WebTPA settlement?

A: No. Legitimate class action settlements never require upfront payments from class members. If anyone asks for money to help you claim WebTPA settlement funds, it’s likely a scam.

Q: Will I have to pay taxes on my WebTPA settlement payment?

A: Settlement payments may be taxable depending on the type of compensation and your individual tax situation. Consult with a tax professional, as payments for documented losses are often treated differently than general damages payments for tax purposes.

IDENTITY PROTECTION QUESTIONS

Q: Should I freeze my credit because of the WebTPA breach?

A: Yes, credit freezing is one of the most effective protections available. Since your Social Security number and other sensitive information were compromised, placing security freezes with all three major credit bureaus (Experian, Equifax, TransUnion) provides strong protection against new account fraud.

Q: How long should I monitor my credit after the WebTPA breach?

A: Experts recommend monitoring for at least 2-3 years after a healthcare data breach, as medical identity theft can take longer to detect than financial fraud. Some victims don’t discover medical identity theft until they receive medical bills for services they didn’t receive.

Q: What’s the difference between a credit freeze and fraud alert?

A:

  • Credit Freeze: Completely blocks access to your credit report, preventing new accounts
  • Fraud Alert: Adds a note requiring extra verification but doesn’t block access
  • Credit freezes provide stronger protection but require lifting the freeze when you want to apply for credit

Q: What court is handling the WebTPA settlement?

A: The WebTPA class action settlement is being handled in federal court, with the deal receiving initial approval in federal court. Specific court details are available in the settlement documentation at webtpasettlement.com.

Q: Can the settlement amount increase or will it stay at $13.75 million?

A: The $13.75 million settlement amount is fixed and will not increase. However, if not all eligible class members file claims, individual payouts may be larger than initially estimated.

Q: What happens to unclaimed money from the WebTPA settlement?

A: Unclaimed settlement funds are typically distributed pro-rata among valid claimants who filed before the deadline, or in some cases, donated to relevant nonprofit organizations as specified in the settlement agreement.

EMPLOYER & INSURANCE QUESTIONS

Q: Will my employer know if I file a WebTPA settlement claim?

A: No. Settlement claims are confidential and will not be disclosed to your employer or insurance company. Your participation in the settlement is private information.

Q: What if my employer changes TPA companies after the WebTPA breach?

A: You’re still eligible for the settlement if your information was compromised during the April 2023 breach, regardless of whether your employer continues using WebTPA services.

Q: Can I file a claim if I’m no longer employed by the company that used WebTPA?

A: Yes. Settlement eligibility is based on whether your information was compromised in the breach, not your current employment status. Former employees whose data was affected are fully eligible to file claims.

Official Settlement Resources:

  • WebTPA Settlement Website: webtpasettlement.com
  • Settlement Administrator: Contact information available on settlement site
  • Court Documents: Case No. Harrell v. WebTPA Employer Services, LLC, et al.

Consumer Protection Contacts:

  • HHS Office for Civil Rights: Report HIPAA violations
  • Federal Trade Commission: Identity theft and consumer fraud reporting
  • State Attorneys General: Consumer protection divisions

If you experienced significant losses or need help navigating the settlement process, consider consulting with attorneys experienced in data breach class actions.

The Bottom Line: Act Now to Secure Your Rights

The WebTPA data breach settlement represents one of the largest healthcare data breach resolutions of 2024-2025. With $13.75 million available to compensate nearly three million affected individuals, eligible class members have a limited window to claim their rightful compensation.

Critical Action Items:

  1. Verify your eligibility by checking for breach notification letters
  2. File your claim at webtpasettlement.com before November 4, 2025
  3. Document any related expenses for maximum compensation
  4. Protect your identity with ongoing monitoring and fraud alerts

The November 4, 2025 deadline is absolute. Missing this date means permanently forfeiting your right to compensation from this settlement.

Healthcare data breaches are becoming increasingly common and costly. The WebTPA case demonstrates that companies face serious financial consequences for inadequate data protection, but only if affected individuals take action to hold them accountable.

Don’t let this opportunity pass. Your personal information was compromised through no fault of your own—you deserve compensation for the resulting harm and inconvenience.

This article provides general information about the WebTPA data breach settlement and should not be considered personalized legal advice. For specific questions about your situation, consult with qualified legal counsel. AllAboutLawyer.com is committed to providing accurate, timely information to help consumers understand their legal rights.

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *