Students and staff at American International College who had personal information exposed in a 2024 data breach are now eligible to file claims for financial losses under a class action settlement. The deadline to submit a claim is July 22, and once it passes, the window to seek reimbursement will almost certainly close for good.
AIC, a small private college in Springfield, Massachusetts with roughly 2,000 students, disclosed the breach through a mandatory filing with the Maine Attorney General’s office, which requires organizations to report data compromises affecting Maine residents. The college’s Notice of Data Event, attached to that filing, provides the most detailed public account of the incident. As of June 2026, the settlement claims process is open but nearing its end.
What happened in the breach
The Maine AG filing confirms that AIC discovered a security incident in 2024, investigated it, and determined that personal information had been compromised. The college treated the event as a reportable data breach rather than a routine IT disruption, and it notified both regulators and affected individuals. The filing does not specify the nature of the attack, such as whether it involved ransomware, phishing, or another method of unauthorized access. Maine’s reporting framework captures the fact that a breach occurred but does not always require organizations to detail the technical vector.
Two publicly available spreadsheets on the Maine Attorney General’s website offer additional context. The reporting form data captures structured fields AIC completed when notifying the state, including the date of the incident and whether law enforcement was contacted. A broader statewide breach log places the AIC incident alongside hundreds of other disclosures the Attorney General’s office has received.
What the public filings do not specify is exactly which categories of data were exposed. The college’s notification references “personal information,” but whether that includes Social Security numbers, financial account details, or medical records is not broken out in the state’s regulatory listing. That distinction carries real weight: a stolen Social Security number can fuel identity theft for years, while a compromised campus email address poses a far smaller risk.
Who qualifies and what the settlement covers
Settlement notices sent to class members describe compensation for out-of-pocket financial harm directly tied to the breach. Claimants need to show actual, documented losses rather than simply prove they were part of the exposed group. Based on those notices, covered expenses typically include:
- Fraudulent charges on bank or credit accounts
- Fees paid to replace compromised debit or credit cards
- Credit monitoring services purchased after learning of the breach
- Time spent resolving identity theft, supported by records or written statements
This “documented losses” model is common in data breach class actions. In practice, it rewards people who kept receipts, bank statements, or a written log of the hours they spent untangling fraud. Anyone who experienced frustration or worry but cannot point to a specific financial cost is unlikely to receive a payout under this structure.
Several details remain outside the public record as of June 2026. No court filing or regulatory document available through the Maine AG portal specifies the maximum payout per claimant, the total settlement fund, or whether separate tiers exist for different types of loss. The full number of affected individuals is also unclear; Maine’s rules require disclosure of the count of state residents impacted, but that figure alone would not capture the entire class if students, alumni, or employees reside in other states. Neither the college nor the settlement administrator responded to requests for comment before publication.
How to file before the July 22 deadline
If you received a settlement notice referencing the American International College data breach, start by reading it carefully. The notice will contain claim-form instructions, submission options (typically online and by mail), and any postmark or upload deadlines.
Before filing, pull together documentation that ties your financial losses to the breach. Bank or credit card statements showing unauthorized charges, invoices for credit monitoring services, and a written log of hours spent on the phone with fraud departments can all strengthen a claim. The more specific the paper trail, the better the chance of reimbursement.
The July 22 deadline appears in settlement notices sent to class members. This reporting has not been able to confirm the date through a publicly available court order, so anyone considering a claim should verify the deadline using the notice they received or by contacting the settlement administrator listed on it.
People who did not receive a direct notice but believe their information may have been involved can check the Maine AG’s breach listing linked above for updates. Because the public regulatory record on this incident is limited in scope, the settlement notice itself remains the most complete source of information about eligibility, claim procedures, and payout terms.
What the public record does and does not tell you
The Maine Attorney General’s breach listing and AIC’s attached notification are primary regulatory documents filed under legal obligation. They are the strongest publicly available evidence that the breach occurred, that the college reported it through official channels, and that personal information was at stake.
State breach notification filings, however, are narrow by design. They confirm that a reportable incident happened. They do not typically include settlement mechanics, claim-form details, or payout caps. Those specifics usually appear in court records or on a dedicated settlement website run by a third-party claims administrator. The absence of that information from the Maine filing does not mean it does not exist; it reflects the limited scope of what state law requires organizations to disclose publicly.
For anyone connected to American International College who suspects their data was part of this breach, the most important step right now is straightforward: check your mail and email for a settlement notice, review it closely, and decide whether to file before July 22. After that date, the chance to recover documented losses from this incident will very likely be gone.
