Cadence Bank Agrees to $5.25M Settlement Over MOVEit Data Breach

Cadence Bank has agreed to a $5.25 million class action settlement following allegations that a cyberattack exploiting the widely targeted MOVEit file transfer software exposed the sensitive personal information of its customers. According to a recent report on the settlement, those who received a data breach notification from the bank may be eligible for a cash payment.

The settlement, if approved by the court, would resolve claims that Cadence Bank failed to adequately protect customer data from a vulnerability in Progress Software's MOVEit Transfer tool — a flaw that threat actors exploited in a sweeping wave of cyberattacks in 2023 that ultimately affected hundreds of organizations worldwide.

What the Lawsuit Alleges

The complaint alleges that Cadence Bank stored customers' sensitive personal information on systems running MOVEit software and that the bank failed to implement sufficient security safeguards to protect that data. When cybercriminals exploited a now-notorious zero-day vulnerability in the MOVEit platform, the lawsuit alleges that customer data was exposed as a result.

The affected information may have included names, Social Security numbers, financial account details, and other personally identifiable information, according to the complaint. Plaintiffs argue that this exposure created a risk of identity theft and financial harm for affected individuals — risks they contend they did not consent to and could not have anticipated when entrusting their information to the bank.

The lawsuit further alleges that Cadence Bank's data security practices fell below reasonable industry standards and that the bank bears responsibility for the resulting harm to customers.

The MOVEit Breach: A Widespread Vulnerability

The Cadence Bank breach is part of a much larger pattern of cyberattacks linked to a critical security flaw in MOVEit Transfer, a file-sharing platform developed by Progress Software. Beginning in late May 2023, a ransomware group known as Cl0p began exploiting the vulnerability to infiltrate organizations across multiple industries — including financial services, healthcare, and government agencies.

According to cybersecurity researchers, the MOVEit campaign affected thousands of organizations globally and exposed the records of tens of millions of individuals, making it one of the largest data breach events in recent history. Cadence Bank is one of numerous financial institutions drawn into litigation as a result.

What the Settlement Could Mean for Affected Customers

Under the proposed $5.25 million settlement, individuals who received a data breach notification from Cadence Bank in connection with the MOVEit incident may be eligible to submit a claim for compensation. The specific payment amounts would likely depend on the total number of valid claims submitted and the nature of harm experienced.

Affected individuals who can document out-of-pocket losses tied to the breach — such as costs related to identity theft monitoring, fraudulent charges, or time spent addressing the breach's consequences — may be eligible for higher reimbursement tiers, according to details surrounding similar MOVEit settlements.

As with any class action settlement, final approval from the court is required before any payments are distributed. The settlement does not constitute an admission of wrongdoing by Cadence Bank.

Data Breach Litigation on the Rise

The Cadence Bank settlement reflects a broader surge in data breach class actions stemming from the MOVEit vulnerability. Dozens of lawsuits have been filed against companies across sectors, with financial institutions drawing particular scrutiny given the sensitivity of the data they hold.

At the same time, other high-profile data breach cases continue to move through the courts. A separate class action settlement has been reached over a 2025 data breach at Christian Dior, with affected consumers potentially eligible for benefits. Meanwhile, privacy litigation is not limited to data breaches: a newly filed class action against Angi Inc. alleges the home services marketplace sent unsolicited calls and text messages to consumers registered on the National Do Not Call Registry, in alleged violation of the Telephone Consumer Protection Act (TCPA) — which carries statutory damages of $500 to $1,500 per violation.

Together, these cases underscore the growing legal exposure companies face when customer data and communication preferences are not adequately protected.

Related Cases

• Christian Dior Data Breach Class Action Settlement
• Angi Faces Class Action Over Alleged Spam Calls and Texts
• MOVEit Data Breach Litigation: What Consumers Should Know

Lawsuit: Cadence Bank MOVEit Data Breach Class Action

Settlement Amount: $5.25 million (proposed)

Court: To be confirmed

Status: Awaiting court approval

Have you received a data breach notification from Cadence Bank? Share your experience in the comments below.

InjuryClaims.com reports on litigation developments for informational purposes only. Nothing in this article constitutes legal advice. Eligibility for any settlement or lawsuit is determined by attorneys and courts, not by this publication.