$20M Fortra data breach class action settlement receives final approval

Fortra data breach class action settlement overview:

• Who: A federal judge has granted final approval to a $20 million class action settlement in a Fortra data breach class action lawsuit.
• Why: The settlement resolves allegations that a data breach involving Fortra’s GoAnywhere MFT software exposed the personal information of millions of individuals.
• Where: The Fortra data breach class action settlement was approved in Florida federal court.

A Florida federal judge has granted final approval to a $20 million class action settlement resolving claims that a data breach involving Fortra’s GoAnywhere MFT software exposed the personal information of millions of individuals.

U.S. District Judge Rodolfo Ruiz of the United States District Court for the Southern District of Florida issued an order Sept. 17 granting final approval to the Fortra data breach class action settlement filed by multiple individuals whose personal health information was stolen by the Clop ransomware group in 2023 and sold on the dark web.

The settlement is in addition to a $7 million settlement approved in February between a subclass of individuals and Brightline Inc.

The Fortra data breach occurred in January 2023 and was believed to be the work of the Clop ransomware group, according to the Cybersecurity and Infrastructure Security Agency, and lasted about 10 days. CISA said the breach affected about 130 organizations that use Fortra’s GoAnywhere MFT software.

At least two dozen lawsuits were filed in multiple states and consolidated into a multidistrict litigation in the Southern District of Florida in February 2024.

In addition to Fortra, other defendants in the MDL are Aetna Inc., Community Health Systems and NationsBenefits LLC. The companies were accused of failing to adequately protect the private information of the class members.

The settlement includes an all-cash fund of $20 million that will be used to pay class member benefits, attorney fees and administration costs.

As part of the settlement, defendants Fortra, NationsBenefits, Intellihartx LLC, Imagine360 LLC and Community Health Systems provided attestations confirming they have enhanced the security of their systems to protect against future cybersecurity breaches.

Class members will be able to get free dark web monitoring

In addition to the monetary damages awarded, the settlement gives class members the option to choose dark web monitoring, except for the Brightline subclass members, who previously elected to receive credit monitoring under their settlement, according to Judge Ruiz’s order.

Each settlement class member has the option to receive up to $5,000 for documented losses, or they may choose to receive a flat cash payment of $85, according to the order. Judge Ruiz said the Brightline subclass members can only receive settlement benefits if they weren’t fully compensated under the Brightline settlement.

He also awarded attorney fees equal to 33.33% of the $20 million settlement, or $6,666,666.

In addition, roughly $2.3 million was awarded to class counsel in the $7 million settlement in February, according to Jeff Ostrow of Kopelowitz Ostrow PA, who represents the class. More than $263,800 was also awarded for reasonable litigation costs.

What do you think of the Fortra data breach class action settlement? Tell us your thoughts in the comments.

The Fortra data breach class action lawsuit is In re: Fortra File Transfer Software Data Security Breach Litigation, Case No. 1:24-md-03090, in the U.S. District Court for the Southern District of Florida.

Read About More Class Action Lawsuits & Class Action Settlements:

• Pedialyte class action claims ‘healthy’ hydration drinks contain harmful artificial sweetener
• Fireball, Parrot Bay drinkers win class action lawsuit certification over lookalike malt drink labels
• FTC refunds issued in September 2025: Who’s getting paid?
• California jury finds Uber negligent but not liable in sexual assault case