Nearly two years after hackers spent more than two weeks inside the systems of national insurance brokerage Alera Group, a $2 million settlement fund is open to people whose personal data was exposed. The deadline to file a claim is June 29, 2026, and anyone who received a settlement notice by mail is eligible to seek compensation for documented losses tied to the breach.
The breach window ran from July 19 through August 4, 2024. During that stretch, an unauthorized party accessed records that included Social Security numbers, dates of birth, bank account details, health insurance policy and ID numbers, and medical records. That is not a minor data spill. It is the kind of combination that gives criminals a near-complete toolkit for identity theft, fraudulent account openings, fake tax filings, and medical identity fraud.
What happened and who was affected
Alera Group operates as a network of local insurance and financial services firms offering employee benefits, property and casualty coverage, wealth management, and retirement plan administration. The company disclosed the breach through state attorney general filings and mailed notification letters to affected individuals.
A filing with the Washington State Attorney General, dated May 21, 2025, confirmed that 27,901 Washington residents were affected. The compromised data included:
- Social Security numbers
- Dates of birth
- Financial and banking account information
- Health insurance policy and ID numbers
- Medical records
That 27,901 figure covers Washington state alone. Because Alera Group operates nationwide, the total number of people affected is likely significantly higher. Other states maintain their own breach-notification registries. Maine, for example, runs a public breach database covering incidents reported since September 2020. As of June 2026, no consolidated national victim count has been published in the state-level registries reviewed for this article, including those maintained by Washington and Maine.
The type of data stolen here carries long-term consequences. A Social Security number paired with a date of birth and banking details can fuel fraud for years. Health insurance IDs create a separate, often overlooked risk: medical identity theft can go undetected for months or longer, surfacing only when a victim receives a bill for a procedure they never had or discovers errors in their medical history that could affect future treatment.
What the $2 million settlement covers
The settlement creates a $2 million fund from which affected individuals can file claims for losses connected to the breach. The terms and claims process were outlined in settlement notices mailed to eligible individuals. The June 29, 2026 deadline applies to all submissions.
The specific case name, court, and docket number associated with this class action settlement have not been independently confirmed for this article. Readers who want to verify the settlement terms or locate the court-approved agreement can search federal court dockets through PACER using search terms such as “Alera Group data breach” to find the jurisdiction, case number, and any publicly filed documents. The Washington AG filing confirms the breach itself, the dates, the data categories, and the state-level victim count, but does not contain the settlement dollar amount or claims process details.
In data breach class action settlements of this size, covered losses typically include documented out-of-pocket expenses: bank fees triggered by fraud, costs of replacing government-issued identification, charges for credit monitoring services purchased after the breach, and professional fees for identity-theft remediation. Whether this settlement includes additional categories of compensation, such as payments for time spent dealing with the breach’s fallout, depends on the specific court-approved terms detailed in the settlement notice.
It is also standard in cases like this for the settling company to deny wrongdoing while agreeing to fund the settlement. Whether Alera Group admitted liability here should be spelled out in the notice mailed to class members.
A practical question worth addressing: how far does $2 million stretch? Without a confirmed national victim count, precise per-person estimates are impossible. The settlement notice mailed to class members should include information about the estimated class size and the formula used to calculate individual payments. People who spent money on credit monitoring, paid fees to replace compromised documents, or lost funds to fraud directly tied to this breach would generally be positioned to receive larger payments than those filing without documented expenses. Gathering that documentation now, before the deadline, is the single most useful thing an affected person can do.
How to file a claim and protect yourself
Start with the settlement notice. If you were affected, you should have received a letter by mail from the settlement administrator. That letter contains your unique claim number, step-by-step filing instructions, and a breakdown of qualifying losses. Without it, filing a valid claim will be difficult.
If you believe you were affected but never received a notice:
- Check your state attorney general’s website for Alera Group breach filings and any links to the settlement claims portal.
- Contact Alera Group directly through the company’s official website or the phone number listed in any prior breach notification you received. Ask to be connected with the settlement administrator.
- Search federal court dockets through PACER using “Alera Group data breach” to locate the case name, jurisdiction, and any publicly filed settlement documents, including the claims website.
A necessary warning: scammers routinely piggyback on data breach settlements. Do not respond to unsolicited emails, texts, or phone calls asking for your Social Security number, bank details, or other sensitive information in connection with this case. A legitimate settlement administrator will never request that information through those channels. When in doubt, go directly to the claims website listed in your official notice or contact the administrator by phone using the number printed on that letter.
Whether or not you file a claim, the breach itself warrants protective action. Review your credit reports through AnnualCreditReport.com, the federally authorized source for free reports from Equifax, Experian, and TransUnion. Turn on transaction alerts for your bank and credit card accounts. Consider placing a credit freeze with all three bureaus, which is free and blocks new accounts from being opened in your name without your explicit approval. And because this breach included health insurance data, review any explanation-of-benefits statements from your insurer for services you did not receive.
Why letting the June 29 filing deadline pass is a costly mistake
Data breach settlement deadlines are enforced strictly. Late claims are almost always rejected, regardless of the reason. The harm from this breach, on the other hand, has no expiration date. A stolen Social Security number is useful to criminals indefinitely. Fraudulent medical records can affect treatment decisions years after the initial theft.
The $2 million fund is a limited, time-bound opportunity. Once the June 29 deadline passes, it closes. If you have been putting off dealing with this, now is the time to pull together your records: fraud alerts you placed, fees you paid, time you spent on the phone with banks or insurers, and any correspondence related to suspicious activity after the breach. Having that paperwork organized means you can file quickly and accurately before the window shuts.
David M. Keller is a finance writer based in Columbus, Ohio, covering personal finance and consumer-focused economic topics. He earned his degree in journalism from Ohio University and began his career reporting on local business and economic trends for a regional media outlet. Since then, he has contributed to a variety of online publications, focusing on clear, practical coverage of topics such as cost of living, debt, and everyday financial decision-making.
