Roughly 120,000 Fidelity Investments customers learned in late 2024 that their personal data had been stolen. If you were one of them, a class action settlement now lets you claim up to $5,000 in compensation, but only if you file by July 27. After that, the window shuts for good.
Below is a breakdown of the breach, who qualifies, and exactly how to get your claim in before the deadline.
What happened in the Fidelity breach
Over a three-day stretch from Aug. 17 to Aug. 19, 2024, an unauthorized third party created two fraudulent customer accounts and used them to access Fidelity’s internal systems. Once inside, the intruder was able to view and copy images of documents belonging to other customers, according to breach notification letters Fidelity later sent to those affected.
Fidelity reported the incident to state regulators, including the California Department of Justice and the Maine Attorney General’s office. The initial Maine filing listed approximately 77,099 affected customers. Fidelity later amended that number in an October 2024 update.
The company said it detected the unauthorized activity on Aug. 19 and moved immediately to cut off access. Fidelity has maintained that no customer accounts or funds were directly accessed during the incident, though it acknowledged that personal information tied to those accounts was exposed.
Who qualifies for the settlement
The settlement arises from Calloway v. Fidelity Investments, a class action filed in the U.S. District Court for the District of Massachusetts. Under its terms, customers who received a data-breach notification from Fidelity related to the August 2024 incident can file a claim for up to $5,000.
Your strongest proof of eligibility is the breach notification letter itself. Fidelity mailed these notices starting in October 2024, and a sample is available through the California Attorney General’s breach report. If you kept your copy, whether on paper or scanned, you already have the key document you need.
Claimants can seek reimbursement for out-of-pocket losses tied to the breach: costs for credit monitoring beyond what Fidelity provided, expenses from identity theft or fraud, and time spent dealing with the aftermath. Those with documented financial harm, such as fraudulent accounts opened in their name or unauthorized transactions, will generally have stronger claims for higher payouts. But the settlement also provides for payments to class members who did not suffer direct financial losses, consistent with how similar data-breach settlements are structured.
How to file a claim before July 27
Claims are administered by Epiq, a third-party settlement administrator. You can submit yours through the official settlement website at FidelityDataBreachSettlement.com. Here is what the process looks like:
1. Locate your breach notice. Search your physical mail, email inbox, and spam folders for any correspondence from Fidelity Investments dated after August 2024 that references unauthorized access, a data security incident, or an offer of complimentary credit monitoring through TransUnion.
2. Confirm your notice matches the August 2024 incident. Compare the language in your letter against the sample linked in the California Attorney General’s filing. This ensures your notification is tied to the specific breach covered by the settlement.
3. Submit your claim. Follow the instructions on FidelityDataBreachSettlement.com to file through the online portal or by mail. Gather any supporting documentation you have: receipts for credit monitoring services, records of fraudulent charges, correspondence with banks or credit bureaus, or a log of time spent on remediation. Keep copies of everything you submit.
Filing is free. There is no cost to submit a claim, and no penalty if the final payout comes in below the maximum. Missing the July 27 deadline, on the other hand, means forfeiting your right to any payment from this settlement.
If you prefer not to participate, the settlement website also outlines procedures for opting out or objecting to the agreement’s terms.
Protect yourself regardless of the settlement
Whether or not you file a claim, the breach exposed personal data that could still be misused. Stolen information from incidents like this routinely circulates on dark web marketplaces for months or years after the initial compromise.
As of June 2026, affected customers should still be taking these protective steps:
- Monitor your accounts. Check bank, brokerage, and credit card statements regularly for unfamiliar transactions. Turn on real-time alerts wherever your financial institutions offer them.
- Use the free credit monitoring while it lasts. Fidelity offered 24 months of complimentary credit monitoring and identity restoration services through TransUnion as part of its breach response. If you have not activated it yet, check your original notice for enrollment instructions before the window closes.
- Consider a credit freeze. Placing a freeze with Equifax, Experian, and TransUnion prevents new accounts from being opened in your name. It is free to set up and free to lift whenever you need to.
- Dispute suspicious activity immediately. If you spot unauthorized charges or accounts, report them to your financial institution and file a complaint with the FTC at IdentityTheft.gov.
What Fidelity breach claimants should do right now
Court-approved deadlines in data-breach settlements are strictly enforced. Once July 27 passes, the claims window closes and late submissions will not be accepted. The settlement fund is fixed, and payments will be distributed only to those who filed valid claims on time.
For the roughly 77,000 customers caught up in this breach, the math is straightforward. Filing takes minutes, costs nothing, and preserves your right to compensation of up to $5,000. Waiting risks losing that right entirely. If you received a notice, dig it out, pull together your records, and file at FidelityDataBreachSettlement.com before the deadline passes.
