Cencora Data Breach Settlement: How to File a Claim and Get Compensation

Photo of author

Written by: Lapain Epuran

Published on:

If you recently received a letter from Cencora (formerly known as AmerisourceBergen) or its subsidiary The Lash Group, you may be entitled to benefits from a $40 million settlement. This settlement is related to a significant data security incident that exposed personal information of potentially millions of individuals across the United States.

Many affected individuals are unsure whether this settlement applies to them, how much compensation they may receive, and what steps are required to secure a payout. This comprehensive guide breaks down everything you need to know about the Cencora Data Security Incident Settlement, including eligibility, claim options, payout types, deadlines, and how to protect your rights.

1 50

Overview of the Cencora Data Security Incident

On February 27, 2024, Cencora, Inc. filed a Form 8-K with the U.S. Securities and Exchange Commission, revealing that its data systems had been accessed by unauthorized third parties. This incident exposed sensitive personal information belonging to individuals who interacted with Cencora, its subsidiaries, or affiliated companies, including The Lash Group.

An investigation revealed that personal information was compromised between September 1, 2023, and August 5, 2025. Following the breach, Cencora began sending letters to affected individuals, as required by law, notifying them of the incident and providing steps for protection.

This breach exposed information that could be used in identity theft, fraud, or other malicious activities. The settlement, therefore, aims to compensate victims and strengthen Cencora’s future cybersecurity efforts.

What Personal Information Was Exposed

The data security incident potentially compromised a wide range of sensitive personal information, including:

  • Full names
  • Addresses
  • Dates of birth
  • Social Security Numbers
  • Health and insurance information
  • Financial account details
  • Payment information
  • Contact information
  • Transaction history
  • Passport information
  • Driver’s license numbers
  • Biometric data (e.g., fingerprints)
  • Criminal history
  • Employment details
  • Genetic information

Because the breach involved such sensitive categories of data, victims face increased risks of identity theft, fraudulent financial activity, and unauthorized use of health or insurance records.

Details of the Settlement

A class action lawsuit was filed against Cencora and The Lash Group for failing to adequately protect consumer data. To resolve the claims, Cencora agreed to a $40 million settlement fund.

This settlement provides compensation for:

  1. Reimbursement of documented losses directly linked to the breach.
  2. Cash fund payments for all affected individuals, regardless of whether they experienced specific financial harm.
  3. Enhanced data security measures to reduce the likelihood of future breaches.

The settlement is open to all U.S. residents whose personal information was impacted by the incident and who received notification via mail, website posting, or media release.

Who is Eligible to File a Claim

You may be eligible if:

  • You received a notice from Cencora about the data security incident.
  • Your personal information was exposed during the breach.
  • You are a U.S. resident.

Exclusions:

  • Cencora executives and officers.
  • The judges overseeing the case.
  • Immediate relatives of excluded individuals.

If you received a letter containing a claim number, that is the strongest indicator of eligibility. However, even if you did not receive a letter, you may still qualify if your information was included in the affected data systems.

How to File a Claim

Filing a claim is the only way to receive benefits from the settlement. You can submit a claim in two ways:

  1. Online Submission:
    • Visit the official claim website: Cencora Incident Settlement
    • Complete the online claim form.
    • Provide your claim number if you received one.
  2. Mail Submission:
    • Download and print the claim form from the settlement website.
    • Fill it out completely and attach supporting documents if applicable.
    • Mail it to the address provided on the form.

Types of Settlement Benefits

The settlement offers two main types of benefits:

1. Documented Loss Payments

  • Covers unreimbursed expenses directly caused by the breach.
  • Examples include fraudulent charges, bank fees, credit monitoring costs, or other losses tied to identity theft.
  • Maximum claim: up to $5,000 per individual.
  • Proof of loss required.

2. Cash Fund Payments

  • Available to all affected individuals, even if no financial loss occurred.
  • Does not require documentation.
  • The exact amount depends on the number of valid claims submitted and total available funds after administrative costs.

Important Note: If you submit a documented loss claim that is incomplete, your claim may automatically be converted to a cash fund claim, ensuring you still receive some compensation.

Important Deadlines

Mark these critical dates:

  • Exclusion/Objection Deadline: December 18, 2025
  • Claim Submission Deadline: January 19, 2026
  • Final Approval Hearing: February 5, 2026, at 10:30 AM ET

Missing these deadlines may result in losing your right to compensation.

Legal Rights and Options

As a class member, you have several legal options:

  1. Submit a Claim
    • Ensures you receive benefits.
    • Gives up your right to sue Cencora separately.
  2. Exclude Yourself
    • Retains your right to sue Cencora individually.
    • Forfeits your right to settlement benefits.
    • Must be postmarked by December 18, 2025.
  3. Object to the Settlement
    • Allows you to express concerns to the court.
    • You may still file a claim while objecting.
    • Must be postmarked by December 18, 2025.
  4. Do Nothing
    • You will not receive benefits.
    • You will give up your right to sue separately.

How Much You Could Receive

The amount you receive depends on your claim type:

  • Documented Loss Payments: Up to $5,000 with proof.
  • Cash Fund Payments: Varies depending on the number of approved claims.

Because the settlement fund is capped at $40 million, payouts will be distributed proportionally after deducting legal fees, administrative costs, and service awards.

Why This Settlement Matters

This settlement highlights growing concerns over corporate responsibility in protecting sensitive personal data. As healthcare and financial institutions increasingly rely on digital systems, breaches like Cencora’s expose individuals to long-term risks.

By pursuing accountability, this settlement:

  • Provides direct compensation to victims.
  • Forces companies to adopt stricter security measures.
  • Raises awareness of the importance of data privacy protections.

Cencora’s Response and Future Data Security Measures

In addition to the $40 million fund, Cencora has committed to:

  • Enhancing encryption and network monitoring systems.
  • Implementing multi-factor authentication across sensitive databases.
  • Providing ongoing employee training on cybersecurity practices.
  • Conducting regular third-party security audits.

These measures aim to prevent similar incidents in the future and restore public trust.

Frequently Asked Questions

1. Is the settlement legitimate?
Yes. It has been authorized by the U.S. District Court for the Eastern District of Pennsylvania.

2. Do I need a lawyer to file a claim?
No. Filing is free, and you do not need an attorney to participate.

3. What if I lost money but cannot prove it?
You may still qualify for a cash fund payment.

4. When will I receive payment?
Payments will be distributed after the Final Approval Hearing in February 2026, assuming no appeals delay the process.

5. Can I attend the final hearing?
Yes. You may attend the hearing on February 5, 2026, at 10:30 AM ET. Attendance is not required to receive benefits.

Final Thoughts

The Cencora Data Security Incident Settlement is one of the largest recent settlements involving healthcare and financial data breaches. With $40 million available, affected individuals have a real opportunity to receive compensation and closure.

If you received a letter or believe your personal information was compromised, take action before the deadlines. Submitting a claim is the only way to ensure you receive your share of the settlement.

By holding corporations accountable and demanding stronger data protections, individuals can help shape a future where personal information is treated with the highest level of security.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    warning sign

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    updates guide

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    shield guide

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    install guide

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    cursor sign

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    trojan horse

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    lock sign

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    lock sign

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    backup sign

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    warning sign

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

Comment on this post

Previous

Socmex.com Scam Exposed – What You Need To Know

Next

Volufiline Serum Review – Should You Buy It? Read This