← All Open Settlements
Data Breach

University of St. Thomas – Houston Data Breach Settlement

Settlement Amount
Up to $5,100 documented OR $50 alt cash + credit monitoring
Claim Deadline
September 28, 2026
Max Per Claimant
Up to $5,100 per claimant

University of St. Thomas – Houston, a private Catholic university in Montrose, Houston, Texas, has agreed to settle Amy Crull v. University of St. Thomas (Cause No. 2025-83309, Harris County) over a July 25–August 12, 2025 network intrusion affecting approximately 26,000+ people. Eligible class members may claim up to $500 ordinary losses, up to $4,500 extraordinary losses, a $100 Sensitive Personal Information payment (with causation documentation), three years of credit monitoring, or a $50 alternative cash payment. Deadline: September 28, 2026. This settlement concerns the Houston campus — not the Minnesota university of the same name.

Do I Qualify?

You may be eligible if:

Login ID and PIN required for online claims (Login ID required for mail claims) from your settlement notice. Ordinary losses (up to $500): third-party documentation of out-of-pocket expenses. Extraordinary losses (up to $4,500): documentation of unreimbursed fraud/identity-theft losses plus exhaustion of other insurance/monitoring options. $100 Sensitive Personal Information tier: requires third-party documentation showing the disclosure was more likely than not caused by the Data Incident — this is not a no-proof payment. $50 alternative cash: available in lieu of documented out-of-pocket or credit-monitoring claims; notice credentials still required to file.

File your claim through the official settlement website at ustdatasettlement.com before September 28, 2026.

File Your Claim →

What Happened?

On or about August 12, 2025, University of St. Thomas – Houston discovered suspicious activity on its computer network. An investigation determined unauthorized access to certain systems between July 25, 2025 and August 12, 2025, and that certain files containing Private Information were accessed and/or acquired. Notifications to affected individuals began around May 26, 2026 (settlement notice mailing around June 29, 2026).

This lawsuit is Amy Crull v. University of St. Thomas, Cause No. 2025-83309, pending in the 11th Judicial District Court of Harris County, Texas — confirming the Houston university, not the University of St. Thomas in Minnesota.

UST disputes the claims and denies wrongdoing but agreed to settle to avoid the cost and uncertainty of continued litigation. Official claims portal: USTDataSettlement.com.

How to File Your Claim

  1. Visit USTDataSettlement.com and submit a claim online using the Login ID and PIN from your settlement notice
  2. Or download the PDF claim form and mail it to UST Data Settlement, P.O. Box 25226, Santa Ana, CA 92799 (Login ID required for mail claims)
  3. Choose documented ordinary losses (up to $500), extraordinary losses (up to $4,500), and/or Sensitive Personal Information disclosure ($100 with third-party documentation)
  4. Or elect three years of one-bureau credit monitoring
  5. Or, in lieu of documented out-of-pocket losses or credit monitoring, claim the $50 alternative cash payment
  6. Submit online or postmark by September 28, 2026
  7. Opt-out and objection deadline is August 28, 2026
  8. Case: Amy Crull v. University of St. Thomas, Cause No. 2025-83309, 11th Judicial District Court of Harris County, Texas
  9. Phone: (833) 421-7269
  10. Visit the official claim form: https://ustdatasettlement.com/

How Much Will I Actually Get?

Class members may pursue multiple documented benefit paths: (1) Ordinary losses — up to $500 for documented out-of-pocket expenses fairly traceable to the Data Incident (professional fees, credit repair, credit freeze/unfreeze costs, credit monitoring incurred July 25, 2025–September 28, 2026, copy/notary fees, mileage, postage); (2) Extraordinary losses — up to $4,500 for documented, unreimbursed monetary losses from fraud or identity theft more likely than not caused by the Data Incident, incurred after the incident, not covered by other categories, after exhausting available credit monitoring or identity theft insurance; (3) Sensitive Personal Information disclosure — a $100 cash payment with third-party documentation showing the disclosure was more likely than not caused by the breach (for example employment files or other private records). Settlement Class Members may also elect three years of one-bureau credit monitoring and identity theft protection with at least $1,000,000 in identity theft insurance. Alternative cash: in lieu of documented out-of-pocket expense reimbursement or credit monitoring, class members may submit a claim for an alternative cash payment of $50.00. Benefits are per-claimant caps; no aggregate settlement fund total is stated on the official settlement site.

Last reviewed: July 12, 2026 | Information verified from court records and official settlement documents.

Frequently Asked Questions

Who qualifies for the University of St. Thomas Houston data breach settlement?
You may qualify if you reside in the United States and were mailed a Notice Letter by University of St. Thomas (Houston, Texas) stating that your personal information was potentially compromised in the Data Incident between July 25, 2025 and August 12, 2025. The settlement class covers individuals who received that notice; the ransomware-related incident affected more than 26,000 current and former students, employees, and other individuals. This case is Amy Crull v. University of St. Thomas, Cause No. 2025-83309, in the 11th Judicial District Court of Harris County, Texas — the Houston university (stthom.edu), not the University of St. Thomas in Minnesota.
How much can I get from the UST Houston data breach settlement?
Class members may claim documented out-of-pocket benefits in three tiers: (1) Ordinary losses up to $500 for expenses such as professional fees, credit repair, credit freezes, credit monitoring incurred July 25, 2025 through September 28, 2026, and miscellaneous costs like notary, postage, and mileage; (2) Extraordinary losses up to $4,500 for documented, unreimbursed fraud or identity-theft losses more likely than not caused by the Data Incident after exhausting other insurance or monitoring options; and (3) a $100 cash payment for disclosure of Sensitive Personal Information (for example employment files) with third-party documentation showing the disclosure was more likely than not caused by the breach. Separately, class members may elect three years of one-bureau credit monitoring with at least $1,000,000 in identity theft insurance, or — in lieu of documented out-of-pocket claims or credit monitoring — an alternative cash payment of $50.
Is proof required for the University of St. Thomas Houston settlement?
Online claims require the Login ID and PIN from your settlement notice; mail claims require at least the Login ID. Ordinary and extraordinary loss claims require third-party supporting documentation such as receipts or invoices. The $100 Sensitive Personal Information payment is not a no-proof tier — you must submit third-party documentation (not self-prepared) supporting that the disclosure was more likely than not caused by the Data Incident. The $50 alternative cash payment does not require out-of-pocket documentation, but you still need notice credentials to file.
What is the claim deadline for the UST Data Settlement?
Claims must be submitted online or postmarked by September 28, 2026 at USTDataSettlement.com. Requests to opt out (exclude yourself) and objections must be postmarked by August 28, 2026. Notification mailing began around June 29, 2026. File through the official settlement site or mail the claim form to UST Data Settlement, P.O. Box 25226, Santa Ana, CA 92799. For questions, call toll-free (833) 421-7269.
What information was exposed in the University of St. Thomas Houston data breach?
Unauthorized access to the University of St. Thomas (Houston) network occurred between July 25, 2025 and August 12, 2025. Files containing Private Information were accessed and/or acquired, including categories such as credit card and bank account information, Social Security numbers, passports and licenses, work-related logins and passwords, home addresses, email addresses, phone numbers, donor and club membership information, and other confidential records. Individual notice letters describe the specific data elements tied to each person — categories vary by class member.
How do I file a claim in the Amy Crull v. University of St. Thomas settlement?
File online at USTDataSettlement.com using the Login ID and PIN from your settlement notice postcard or letter, or download the claim form and mail it to UST Data Settlement, P.O. Box 25226, Santa Ana, CA 92799. Choose your benefit path on the claim form (documented ordinary/extraordinary/Sensitive Personal Information losses, credit monitoring, or the $50 alternative cash payment). Submit by September 28, 2026. This settlement concerns the Houston, Texas campus in Harris County — confirm you received notice from University of St. Thomas in Houston before filing.
💰 Get alerted when new settlements open — free money, no spam.