University of St. Thomas – Houston Data Breach Settlement
University of St. Thomas – Houston, a private Catholic university in Montrose, Houston, Texas, has agreed to settle Amy Crull v. University of St. Thomas (Cause No. 2025-83309, Harris County) over a July 25–August 12, 2025 network intrusion affecting approximately 26,000+ people. Eligible class members may claim up to $500 ordinary losses, up to $4,500 extraordinary losses, a $100 Sensitive Personal Information payment (with causation documentation), three years of credit monitoring, or a $50 alternative cash payment. Deadline: September 28, 2026. This settlement concerns the Houston campus — not the Minnesota university of the same name.
Do I Qualify?
You may be eligible if:
- You reside in the United States and were mailed a Notice Letter by University of St. Thomas (Houston, Texas) about the Data Incident
- Unauthorized access occurred between July 25, 2025 and August 12, 2025 on the Houston campus network
- You are among the approximately 26,000+ current/former students, employees, or other individuals notified
- You have your Login ID (and PIN for online claims) from the settlement notice
- You submit a valid claim by September 28, 2026
Login ID and PIN required for online claims (Login ID required for mail claims) from your settlement notice. Ordinary losses (up to $500): third-party documentation of out-of-pocket expenses. Extraordinary losses (up to $4,500): documentation of unreimbursed fraud/identity-theft losses plus exhaustion of other insurance/monitoring options. $100 Sensitive Personal Information tier: requires third-party documentation showing the disclosure was more likely than not caused by the Data Incident — this is not a no-proof payment. $50 alternative cash: available in lieu of documented out-of-pocket or credit-monitoring claims; notice credentials still required to file.
File your claim through the official settlement website at ustdatasettlement.com before September 28, 2026.
File Your Claim →What Happened?
On or about August 12, 2025, University of St. Thomas – Houston discovered suspicious activity on its computer network. An investigation determined unauthorized access to certain systems between July 25, 2025 and August 12, 2025, and that certain files containing Private Information were accessed and/or acquired. Notifications to affected individuals began around May 26, 2026 (settlement notice mailing around June 29, 2026).
This lawsuit is Amy Crull v. University of St. Thomas, Cause No. 2025-83309, pending in the 11th Judicial District Court of Harris County, Texas — confirming the Houston university, not the University of St. Thomas in Minnesota.
UST disputes the claims and denies wrongdoing but agreed to settle to avoid the cost and uncertainty of continued litigation. Official claims portal: USTDataSettlement.com.
How to File Your Claim
- Visit USTDataSettlement.com and submit a claim online using the Login ID and PIN from your settlement notice
- Or download the PDF claim form and mail it to UST Data Settlement, P.O. Box 25226, Santa Ana, CA 92799 (Login ID required for mail claims)
- Choose documented ordinary losses (up to $500), extraordinary losses (up to $4,500), and/or Sensitive Personal Information disclosure ($100 with third-party documentation)
- Or elect three years of one-bureau credit monitoring
- Or, in lieu of documented out-of-pocket losses or credit monitoring, claim the $50 alternative cash payment
- Submit online or postmark by September 28, 2026
- Opt-out and objection deadline is August 28, 2026
- Case: Amy Crull v. University of St. Thomas, Cause No. 2025-83309, 11th Judicial District Court of Harris County, Texas
- Phone: (833) 421-7269
- Visit the official claim form: https://ustdatasettlement.com/
How Much Will I Actually Get?
Class members may pursue multiple documented benefit paths: (1) Ordinary losses — up to $500 for documented out-of-pocket expenses fairly traceable to the Data Incident (professional fees, credit repair, credit freeze/unfreeze costs, credit monitoring incurred July 25, 2025–September 28, 2026, copy/notary fees, mileage, postage); (2) Extraordinary losses — up to $4,500 for documented, unreimbursed monetary losses from fraud or identity theft more likely than not caused by the Data Incident, incurred after the incident, not covered by other categories, after exhausting available credit monitoring or identity theft insurance; (3) Sensitive Personal Information disclosure — a $100 cash payment with third-party documentation showing the disclosure was more likely than not caused by the breach (for example employment files or other private records). Settlement Class Members may also elect three years of one-bureau credit monitoring and identity theft protection with at least $1,000,000 in identity theft insurance. Alternative cash: in lieu of documented out-of-pocket expense reimbursement or credit monitoring, class members may submit a claim for an alternative cash payment of $50.00. Benefits are per-claimant caps; no aggregate settlement fund total is stated on the official settlement site.
Last reviewed: July 12, 2026 | Information verified from court records and official settlement documents.