Lewis & Clark College has agreed to pay $500,000 as part of a settlement for a class-action federal lawsuit stemming from a significant cyberattack that compromised the personal data of approximately 45,050 individuals.
This payout will be distributed to those whose information may have been breached in February 2023, which includes students, staff, employees, and alumni of the college.
Class members who submitted valid claims could receive up to $5,000 to cover documented out-of-pocket losses.
Additionally, they will also be offered two years of credit monitoring services to protect against the potential misuse of their personal information.
The damages include various expenses related to identity theft and misuse of personal data, such as costs associated with credit report freezes, notarization, long-distance phone calls, and any credit monitoring expenses incurred since February 28, 2023.
The lawsuit alleged that Lewis & Clark College failed to implement adequate security measures to protect sensitive personal information, including Social Security numbers, financial account details, and medical data, all of which were compromised in the breach.
Furthermore, it was claimed that the college did not notify affected individuals for over a year after the incident, which raised concerns among those impacted by the breach.
According to the college’s website, the cybercriminals involved published some of the stolen data on the dark web and initially alerted the college community about the breach in March 2023.
In April 2024, the college informed alumni, students, and staff about the breach, stating that they conducted a thorough review of the compromised data to identify those whose information was penetrated and subsequently issued notification letters.
U.S. Magistrate Judge Stacie F. Beckerman approved the settlement on Monday, deeming it fair and reasonable.
While the college denied any wrongdoing, it opted for the settlement to avert further litigation.
David W. Schelberg, the attorney representing the college, voiced no opposition to the settlement, and Kaleigh Boyd, representing the plaintiffs, praised the agreement as “overwhelmingly positive.”
The response rate from class members was notably high, with approximately 13% of eligible individuals submitting claims—significantly above the usual 1-5% response rate typical in such cases, according to Boyd.
“We are very pleased with the result,” she stated.
“We had an unusually high amount of interest from the class members.”
Boyd also highlighted that 93% of the settlement class individuals were notified, a critical factor in ensuring those affected had the opportunity to submit claims.
The funding from the settlement is expected to provide “meaningful monetary and non-monetary relief” to those who have suffered damages due to the breach, offering support in the wake of the incident.
A settlement administrator has also been appointed to manage claims for the class and has set up a toll-free help line to address any inquiries from class members regarding the settlement process.
Under the settlement, each of the five named plaintiffs in the case will receive $2,000.
These plaintiffs include Lisa Unsworth, a former employee; Michael Ramone, an alumnus; Christopher Potter, a visiting professor; Charles Sanderson, a graduate; and Therese Cooper, a former student.
Additionally, $166,666.67 has been allocated for attorney fees, along with $13,311 for associated costs.
Although no criminal charges were filed against anyone involved in the breach, there were reports of fraudulent activities affecting some of the named plaintiffs.
With the settlement approval, Judge Beckerman has dismissed the civil claims against the college.
Individuals with questions about the settlement can reach the settlement administrator via email at info@lcdatasettlement.com.
image source from:https://www.oregonlive.com/crime/2025/06/lewis-clark-college-to-pay-500k-to-settle-class-action-suit-from-cybersecurity-breach.html
