Sometime in early 2024, some two million Americans received a letter, email, or digital notice alerting them to the possibility that a data breach at their bank had compromised their personal information. The bank was SouthState, a regional organization with offices all across the American Southeast and headquarters in Florida.
According to the notice, which the bank was compelled by state data-breach disclosure regulations to deliver, the compromised data most likely contained names, dates of birth, physical addresses, contact details, financial account numbers, and, in certain situations, Social Security numbers. For those who are not aware with the current state of identity theft, this is a nearly comprehensive list of the details a skilled criminal requires in order to register new credit accounts using someone else’s name. Given the scope of the breach, the ensuing class action case turned into Peterson-style consumer litigation.
| Category | Detail |
|---|---|
| Defendant | SouthState Bank, N.A. — Florida-based regional bank; subsidiary of SouthState Corporation (NYSE: SSB); operates branches across the Southeast U.S. with headquarters in Winter Haven, Florida |
| Settlement Fund | $1,500,000 total — preliminarily approved by the court on February 17, 2026 |
| Class Size | Approximately 2 million U.S. residents who received notification that their personal information may have been affected by the February 2024 data breach |
| The Breach | Cybersecurity incident on or around February 7, 2024; compromised information allegedly included names, dates of birth, addresses, contact information, financial account numbers, and Social Security numbers — exactly the combination required for sophisticated identity theft |
| Documented Loss Reimbursement | Up to $3,500 per class member for out-of-pocket losses incurred after February 7, 2024, with supporting third-party documentation — including bank fees, professional fees, credit monitoring costs, credit freeze fees, ID replacement, fraudulent charges, and miscellaneous expenses like postage and travel |
| Alternative Cash Payment | Pro-rated one-time cash payment available to all class members with no proof required; class members may file for both payments via a single claim form |
| Credit Monitoring | Automatic enrollment eligibility for one year of one-bureau credit monitoring and identity theft insurance — no claim required; enrollment code included in settlement notice |
| Key Dates & Claims Site | Preliminary approval: February 17, 2026; claim deadline: June 15, 2026; final approval hearing: June 22, 2026; official site at SouthStateBankDataSettlement.com |
All living U.S. persons who received the notice are covered by the $1.5 million settlement, which was preliminary granted by the court on February 17, 2026. In the context of data breach settlements that impact two million individuals, the money itself is a little sum. Practically speaking, it offers a layered set of advantages that class members must actively pursue; the deadline for doing so is June 15, 2026.
The details are important. With supporting third-party documents such as bank statements, receipts, or professional bills, class members who suffered verifiable out-of-pocket losses due to the breach may request reimbursement of up to $3,500. Bank fees, credit monitoring or credit freeze costs, replacement prices for compromised identification documents, unauthorized charges, and even postal and travel expenses related to handling the fallout from identity theft attempts are all considered reimbursable losses.
Regardless of recorded losses, a different reward is offered. A one-time, prorated cash reward is available to all class members; no documentation beyond class membership is needed. The number of claims that are finally filed against the remaining fund following the computation of documented-loss reimbursements and legal fees will determine the amount of this payout.
Pro-rated no-proof compensation have historically ranged from about $20 to $150 per class member in comparable data breach settlements, however actual amounts vary depending on settlement size and claim rate. Members of the class may submit a single claim form asking for both kinds of compensation. Checks and electronic transfers are accepted forms of payment, and checks must be paid within 120 days of being issued.
The benefit of credit monitoring is automatic. Members of the class are eligible for one year of one-bureau credit monitoring and identity theft insurance without having to submit a claim; however, once the administrator starts sending out activation instructions following final approval, they must activate the enrollment using a code included in their settlement notice.
The actual final approval is set for June 22, 2026. Nothing in the settlement is paid out prior to that date, and disbursements could be further delayed if there are any appeals after final approval. This is typical for class action settlements and is just the way the process operates, so there is no need to be concerned.
According to the underlying case, SouthState Bank neglected to put in place appropriate cybersecurity safeguards to protect the private data it was required by law to preserve. A generation of data breach lawsuits in the US have revolved on this accusation and the idea of “reasonable cybersecurity” as a legal threshold. A pool of funds, individual documented-loss recompense, a prorated payment for everyone else, and a term of credit monitoring are typical components of the settlements that follow.
A person whose Social Security number is currently circulating in the cybercriminal market and will stay there for the remainder of their life is not fully compensated by any of it. Reading through these settlements year after year gives the impression that the US response to data breach accountability has settled into a pattern that is both clearly insufficient given the extent of the harm yet better than nothing.
One recent instance of that pattern is the data settlement from SouthState Bank. For those in the class who are reading this, the practical question is rather straightforward: if you were notified in early 2024, look for the claim packet in your email and mail records, and if you choose to participate, file by June 15. There is a deadline. It’s a small window. The advantages are small but real.
