When a settlement notice arrives in their inbox, people usually squint at it. They then look it up on Google. Additionally, there has been a lot of squinting lately due to the Flagstar Bank class action. Postcards in mailboxes, emails with Settlement Claim IDs hovering above someone’s name, Facebook groups filling up with the same question phrased twenty different ways. Is someone looking for Social Security numbers, or is this something genuine?
After looking through court documents and the official settlement website, the short answer is in the affirmative. It is genuine. In order to address claims related to two data breaches that occurred at the bank in 2021, Flagstar Bank, which is now a part of Flagstar Financial, has agreed to pay $31.5 million. The official website, flagstarsettlement.com, went live in May after a federal judge in Michigan granted preliminary approval back in February. Considering how long this case has been dragging through the courts, there’s something almost anticlimactic about that.
The actual breaches weren’t minor. In the first, which was revealed in March 2021, hackers gained access to a file-sharing website that Flagstar utilized. The personal information of about 1.47 million people was compromised. The bank then revealed a second incident in June 2022, which involved a direct intrusion into its network and affected an additional 1.5 million people. When you add them up, you get about 2.18 million Americans whose data was improperly stored. The fact that about 364,000 of them resided in California is significant because the state has strong privacy regulations.
The settlement’s actual breakdown is striking. For documented financial losses, such as fraud, identity theft, credit repair costs, and even mileage and postage related to the breach, class members are eligible to receive up to $25,000. Although that cap seems reasonable, anyone who has attempted to submit one of these claims is aware of how difficult the paperwork can be. Third-party documentation is required. Bank statements and invoices. The kind of documents that most people don’t maintain for years in a tidy file. Additionally, there is a residual cash payment, which is currently estimated to be around $60 but could reach $599 depending on the number of applicants and the remaining funds in the fund. Residents of California are entitled to an additional $100 statutory payment. Additionally, all students receive three years of three-bureau credit monitoring, which is the feature that the majority of customers will most likely utilize.
However, it makes sense that there is skepticism on the internet. People have stopped reading breach settlements because there are now so many of them in mailboxes. T-Mobile and Equifax. Marriott. They all pledged substantial compensation. After deducting the legal fees and administrative expenses, each of them ended up writing checks for fractions of what was advertised. It has a sense of exhaustion. a feeling that the individuals whose data was stolen are rarely the true winners in these situations.
Nevertheless, the Flagstar settlement possesses the characteristics of a valid one. Federal court records verify the case number, Angus et al. v. Flagstar Bank, N.A., 2:21-cv-10657. Court-appointed attorneys oversee the website. The deadlines are very clear: the final approval hearing is set for October 1, 2026; opt-outs and objections are due on June 29; and claims must be submitted or postmarked by August 11, 2026.
The Settlement Claim ID at the top of the email or postcard is your entry point if you received a notice. The claim procedure becomes more difficult without it. According to the standard language in these agreements, Flagstar denies any wrongdoing, and the court has not found that the bank violated any laws. People frequently overlook that part. A settlement does not constitute a verdict. The conclusion is negotiated. Depending on which side of the breach you ended up on, it may or may not feel like justice.
