Case Overview

| | |

|---|---|

| Article Type | Settlement Roundup |

| Vertical | Privacy, Data & TCPA |

| Deadline Window | April–June 2026 |

| Cases Covered | 5 |

Data Breach and TCPA Settlements to Watch: April 2026 Roundup

Several privacy-related class action settlements are moving toward resolution this spring, spanning healthcare data breaches, a major password manager incident, a student data exposure, and a telemarketing dispute. If you or someone you know was affected by any of these cases, claim deadlines may be approaching. Here's what you need to know.

1. Concord Orthopaedics Data Breach Settlement

Deadline: TBD (settlement recently announced; claim period expected to open shortly)

Estimated Payout: Amount to be determined pending court approval

Who Qualifies: Patients of Concord Orthopaedics Professional Association whose personal or medical information was exposed in the breach

According to a recent report from the HIPAA Journal, Concord Orthopaedics Professional Association — a New Hampshire-based provider of orthopedic and rheumatology care — has agreed to settle a consolidated class action lawsuit arising from a data breach that allegedly compromised patient information. The complaint claims that the breach exposed sensitive personal and protected health information, leaving affected patients at risk of identity theft and financial harm. The settlement, if approved by the court, would resolve the consolidated litigation against the practice.

How to claim: Monitor the settlement administrator's website for claim form availability once the court grants preliminary approval.

2. LastPass Data Breach — $8.2 Million Settlement

Deadline: To be confirmed; settlement announced April 2026

Estimated Payout: Varies; individual amounts depend on total valid claims submitted

Who Qualifies: Consumers whose personal information was allegedly compromised in the 2022 LastPass data breach

LastPass has agreed to pay $8.2 million to resolve class action claims stemming from a 2022 security incident, according to reporting from Top Class Actions. The lawsuit alleged that LastPass failed to implement adequate security measures to prevent unauthorized access to its systems, resulting in the exposure of consumer data. LastPass has not admitted wrongdoing as part of the proposed resolution. Class members who submit valid claims may be eligible to receive a portion of the settlement fund, with individual payouts dependent on the number of approved claims.

How to claim: Visit the official settlement website — details expected to be published once the court issues a scheduling order.

3. Excelsior Orthopaedics & Buffalo Surgery Center — $2.4 Million Settlement

Deadline: June 11, 2026

Estimated Payout: Variable; pro-rata share of the net settlement fund

Who Qualifies: Individuals whose personal or medical information was exposed in the Excelsior Orthopaedics and Buffalo Surgery Center data breach

According to reporting from Top Class Actions, Excelsior Orthopaedics and Buffalo Surgery Center have agreed to a $2.4 million settlement to resolve class action claims related to a data breach that allegedly exposed patients' sensitive information. The lawsuit claimed that the organizations failed to adequately safeguard personal and protected health data, exposing affected individuals to potential identity theft and other harms. The June 11, 2026 deadline is one of the nearer-term filing cutoffs in this roundup, meaning eligible individuals may have limited time to act.

How to claim: A claim form is expected to be available through the settlement administrator; visit the Top Class Actions settlement page for direct links.

4. Register.com TCPA Settlement — $1.5 Million

Deadline: To be confirmed pending court approval

Estimated Payout: Potentially significant on a per-member basis; class is approximately 453 members

Who Qualifies: Individuals who received allegedly unsolicited calls or messages from Register.com in violation of the Telephone Consumer Protection Act

Register.com has agreed to pay $1.5 million to settle TCPA class action claims brought on behalf of approximately 453 class members, according to case reporting on TCPA World (Lewis v. Register.com, 2026 WL 930847). The lawsuit alleged that Register.com placed calls or sent messages to consumers without the required prior express consent, in violation of the TCPA. Because the class is relatively small, the per-member value of this settlement could be notable if the court approves the agreement. TCPA violations can carry statutory damages of $500 to $1,500 per violation.

How to claim: Class members identified through court records may receive direct notice; consult the case docket for updates on the claims process.

5. Naviance / Cherry Creek School District Student Data Breach

Deadline: TBD; settlement notice issued to affected families in early April 2026

Estimated Payout: Not yet publicly specified

Who Qualifies: Students and families whose information was allegedly exposed through the web-based education platform Naviance in a 2024 data breach affecting Cherry Creek School District and potentially other districts

According to reporting from Databreaches.net, families connected to Cherry Creek School District in Colorado recently received notification about a class action settlement tied to a 2024 data breach involving Naviance, a widely used college and career readiness platform. The school district confirmed in its own communication to families that the settlement notice email was legitimate. The lawsuit alleges that the breach exposed student information, raising concerns about how sensitive data belonging to minors is protected on third-party educational platforms. Affected families who received notice are encouraged to review the settlement details carefully before any filing deadline.

How to claim: Affected families should review the notice received from the settlement administrator for instructions on how to participate.

Key Takeaways

• Healthcare providers remain frequent breach targets. Three of the five cases in this roundup involve medical or orthopaedic practices, underscoring ongoing vulnerabilities in how patient data is stored and protected.
• The June 11, 2026 Excelsior Orthopaedics deadline is the most time-sensitive. If you believe you were affected by that breach, the window to file a claim is closing.
• Student data is increasingly in the spotlight. The Naviance case reflects a growing wave of litigation around third-party platforms that handle minors' information on behalf of schools.
• You may have already received a settlement notice. For cases like Naviance and Register.com, class members are often notified directly by mail or email — check your inbox and spam folders carefully.
• Payout amounts vary widely and depend on total claims filed. No settlement guarantees a specific individual payment; final amounts are calculated after the claims period closes.

Were you affected by any of these data breaches or received unsolicited communications covered by a TCPA case? Share your experience in the comments below.

InjuryClaims.com reports on litigation developments for informational purposes only. Nothing in this article constitutes legal advice. Eligibility for any settlement or lawsuit is determined by attorneys and courts, not by this publication.