Data Breach Settlements: What You Can Actually Claim (Keep Your Receipt)

Two postcards in two months

I've gotten two data-breach settlement postcards in the last two months. One from Comcast — a $117.5 million settlement over a breach back in October 2023. One from Lakeview Loan Servicing — $26 million. Different companies, different breaches, same form letter: your data was exposed, and here are a few dollars for your trouble.

Same settlement administrator, too. Same PO box in New York. That's how routine this has become.

I didn't click a bad link. I didn't reuse a password. I was just a customer once — of an internet provider, of a mortgage servicer — and that alone was enough to put my name and address into a breach, then a class action, then my mailbox.

The postcard is the part you can see

A settlement notice is the receipt for a system that already failed. By the time it reaches you, the data has been out for a year or two — copied, sold, and quietly resurfaced on people-search sites long after you've forgotten the company existed.

But buried in the fine print of these settlements is something most people miss: they often reimburse money you spent protecting yourself after the breach.

What you can actually claim

The eligible-expense lists usually include credit monitoring, credit-freeze fees, and — in the broader category most settlements use — "other products related to detection or remediation of identity theft." Identity-protection and data-removal services can fall under that umbrella.

In practice: if you paid for a service to reduce your exposure after a breach, keep the receipt. When you file your claim, it may qualify as a reimbursable out-of-pocket cost. It is not automatic — every settlement defines its own eligible expenses and the administrator decides — but it costs nothing to claim it correctly, with documentation.

Three things decide it:

• Timing — the expense came after the breach date.
• Documentation — a real invoice, receipt, or card statement (a handwritten note does not count).
• Relevance — it is a genuine measure to protect you from that breach's fallout.

File the claim — then look

Filing takes a few minutes, and even the "lost time" you spent freezing your credit and changing passwords is usually worth a small reimbursement. Do it.

But the postcard only tells you about one breach. It says nothing about the data brokers that may be listing your home address and phone number right now — including data that traces back to breaches you were never notified about.

Keeping your data off broker sites is worth doing regardless of any settlement. It is the difference between a stranger finding your home address in ten seconds and finding nothing. If a breach already happened to you, file the claim and keep your receipts — and then find out what is actually exposed.

The one way to see your own map — the addresses, the phone numbers, the relatives some broker cross-referenced into a profile — is to look. That is the same scan we run at ghostmydata.com. Not a pitch — just the way to see what is out there about you before you decide what to do about it.

Note: This is general information, not legal advice. Always read your specific settlement's eligible-expense terms before filing.