Case Overview

| | |

|---|---|

| Article Type | Settlement Roundup |

| Vertical | Privacy, Data & TCPA |

| Settlements Covered | 3 |

| Published | April 2026 |

3 Data Breach Settlements With Approaching Deadlines: Avis, LastPass, and Concord Orthopaedics

Several data breach class action settlements are currently open for claims, covering a rental car giant, a widely used password manager, and a New Hampshire orthopedic provider. If your personal information was exposed in any of these incidents, you may be running out of time to file. Here's what you need to know about each case.

1. Avis Data Breach Class Action Settlement

Deadline: Check the official claim portal for current deadline

Estimated Payout: Varies by claimant

Who Qualifies: Individuals whose personal information was allegedly compromised in the Avis data breach

According to a recent settlement overview from Top Class Actions, Avis Budget Group has agreed to resolve class action claims stemming from a data breach that allegedly exposed customer information. The lawsuit alleged that Avis failed to adequately protect personal data entrusted to it by customers, leaving affected individuals vulnerable to identity theft and fraud.

Affected individuals who submit a valid claim may be eligible for compensation, though individual payouts will vary depending on the number of claimants and the nature of harm documented. Claimants may be asked to provide documentation of any out-of-pocket losses tied to the breach.

How to claim: Visit the official Avis data breach settlement site for claim instructions, eligibility details, and the current filing deadline.

2. LastPass Data Breach — $8.2 Million Class Action Settlement

Deadline: To be confirmed; settlement is currently pending court approval

Estimated Payout: Pro-rata share of $8.2 million fund, amount varies

Who Qualifies: Consumers whose data was allegedly compromised in the 2022 LastPass breach

LastPass, a widely used password management service, has agreed to pay $8.2 million to resolve class action litigation arising from a 2022 data breach, according to reporting by Top Class Actions. The lawsuit alleged that the company failed to implement adequate security measures to prevent unauthorized access to its systems, resulting in the compromise of encrypted password vaults and other sensitive consumer information.

The 2022 breach was notable for the type of data involved. According to the complaint, attackers gained access to customer vault data — information that could potentially expose stored passwords, usernames, and associated account credentials if decrypted. The lawsuit alleged that LastPass's security practices fell short of industry standards and its own representations to users.

If the settlement receives final court approval, affected users may be eligible for a pro-rata share of the $8.2 million fund. Exact individual amounts will depend on the total number of valid claims submitted.

How to claim: Monitor the LastPass settlement claim portal for filing instructions and deadline updates as court approval progresses.

3. Concord Orthopaedics Data Breach Class Action Settlement

Deadline: To be confirmed; settlement terms are being finalized

Estimated Payout: Terms not yet publicly disclosed

Who Qualifies: Patients of Concord Orthopaedics Professional Association whose protected health information was allegedly exposed

Concord Orthopaedics Professional Association, a New Hampshire-based orthopedic and rheumatology practice, has agreed to settle a consolidated class action lawsuit stemming from a data breach that allegedly compromised patient information, according to reporting by the HIPAA Journal. The lawsuit alleged that the provider failed to maintain adequate safeguards to protect sensitive medical and personal data.

Healthcare data breaches are particularly significant given the sensitivity of the information involved. According to the complaint, the breach may have exposed protected health information — a category of data that can include diagnoses, treatment records, Social Security numbers, and insurance details. Under HIPAA, healthcare providers are required to maintain specific safeguards for this type of data, and the lawsuit alleged Concord Orthopaedics fell short of those obligations.

Settlement terms, including the total fund amount and per-claimant compensation, had not been publicly disclosed at the time of publication. Eligible patients will likely include individuals who received care at the practice during the relevant period.

How to claim: Check for updates through the official settlement administrator once claim details are made public.

Key Takeaways

• Medical data breaches carry elevated risk. The Concord Orthopaedics settlement involves protected health information, which can include diagnoses and insurance data — making it especially sensitive compared to typical consumer data exposures.
• Password manager breaches are unique. The LastPass settlement stems from a breach involving encrypted vault data, meaning the compromised information could include stored credentials for dozens or hundreds of accounts per user.
• Proof of harm may affect your payout. For settlements like Avis, documenting out-of-pocket costs — such as credit monitoring expenses or time spent responding to fraud — may increase potential compensation.
• Not all deadlines are final. Settlement deadlines can shift as courts schedule approval hearings. Check official claim portals frequently for the most current filing windows.
• You don't always need a receipt. Data breach settlements often allow affected individuals to submit claims based on account records or notification letters alone — check each settlement's specific requirements.

Have you filed a claim for any of these settlements? Share your experience in the comments below.

This article is for informational purposes only and does not constitute legal advice. Eligibility determinations can only be made by a qualified attorney or the settlement administrator.