The New York Blood Center (NYBC) confirmed that a targeted cyberattack between January 20 and January 26, 2025, allowed an unauthorized actor to access internal systems and files. According to court filings and company disclosures, the breach affected approximately 194,000 blood donors across the United States, making it one of the more significant nonprofit healthcare data incidents reported that year.
The compromised data went far beyond basic contact details. Exposed information included full names, dates of birth, gender, Social Security numbers, blood types, certain blood test results, and medical identifiers. In some cases, banking information used for direct deposit was also accessed. Cybersecurity experts have repeatedly warned that combinations of medical and financial data significantly increase long-term identity theft risk, because medical identities are harder to change and often exploited years later.
NYBC acknowledged the breach publicly and stated it took immediate steps to secure its network, notify affected individuals, and enhance technical safeguards. While the organization denied wrongdoing, it agreed to a $500,000 class action settlement to resolve claims and avoid prolonged litigation.
The settlement fund is limited. That means timely filing matters, and payments may be adjusted depending on how many valid claims are submitted before the deadline. Legal experts note that many data breach settlements see low participation, which can increase individual payouts. But missing the deadline guarantees zero compensation.
In addition to cash payments, all eligible class members are entitled to one year of CyEx Medical Shield Pro, a service that includes $1 million in medical identity theft insurance, plus monitoring for healthcare insurance ID and medical record number misuse. Medical identity theft often surfaces slowly, sometimes years after an incident, which is why this coverage is included even for those who do not claim cash.
Most eligible individuals were sent a written or emailed notice directly from NYBC. That notice typically included a unique Notice ID and PIN, which can be used to submit a claim online. However, receiving a notice is not always required. Individuals who believe they were affected but are unsure can still verify their status through the settlement administrator.
The administrator can be contacted by mail, phone, or email. Verification is important, because only confirmed class members are eligible to receive payments or benefits under the settlement terms.
The first option allows eligible claimants to seek up to $2,500. This option is for individuals who can document out-of-pocket losses linked to identity theft or fraud that occurred between January 26, 2025, and February 11, 2026. Acceptable documentation may include bank statements, credit reports, invoices, or receipts showing fraudulent charges, unreimbursed losses, or expenses related to preventing identity theft.
The second option is a flat cash payment of $20, available with no documentation required. This amount may increase or decrease depending on the total number of approved claims and the size of the settlement fund. While modest, this option is designed to ensure compensation even for those who did not experience immediate financial harm.
Consumer advocates stress that data breach impacts are often delayed. Even individuals who have not yet suffered fraud may still face future risks, which is why filing a claim can be worthwhile.
The fastest and most reliable way to file is through the official settlement website, using the online claim form. Claimants may also submit a paper form by mail, but it must be postmarked by February 11, 2026, to be considered valid.
Legal analysts note that last-minute surges are common in data breach settlements, which can slow processing times. Filing early reduces the risk of technical issues or incomplete submissions. Once approved, payments will be distributed after final court review and administrative processing, a step that can take several months.
Nearly 194,000 Americans face a February 11, 2026 deadline to claim money from a $500,000 data breach settlement tied to the New York Blood Center. Exposed data includes Social Security numbers, medical records, and bank details. Eligible victims can claim up to $2,500 with proof or a flat cash payment without documents.
About 194,000 U.S. residents qualify if they received notice that their personal or medical data was exposed in the January 2025 cyberattack. Eligibility is limited to individuals whose information was confirmed compromised by the New York Blood Center or Memorial Blood Centers. Proof of notice or verification through the settlement administrator is required.
2: How much money can I get from the New York Blood Center settlement?
The settlement fund totals $500,000, with individual payouts capped at $2,500 for documented identity theft or fraud losses. Claimants without financial proof can still receive a flat $20 cash payment, subject to adjustment based on total approved claims.
3: What personal data was exposed in the New York Blood Center breach?
The breach exposed highly sensitive data, including Social Security numbers, dates of birth, blood types, medical test results, and some direct-deposit banking details. Cybersecurity filings confirm the intrusion lasted six days, increasing long-term identity theft and medical fraud risks.
4: What is the deadline to file a New York Blood Center data breach claim?
All claims must be submitted online or postmarked by February 11, 2026. Claims filed after this date are legally barred, regardless of eligibility. Settlement administrators report late filings are automatically rejected under court-approved terms.
The compromised data went far beyond basic contact details. Exposed information included full names, dates of birth, gender, Social Security numbers, blood types, certain blood test results, and medical identifiers. In some cases, banking information used for direct deposit was also accessed. Cybersecurity experts have repeatedly warned that combinations of medical and financial data significantly increase long-term identity theft risk, because medical identities are harder to change and often exploited years later.
NYBC acknowledged the breach publicly and stated it took immediate steps to secure its network, notify affected individuals, and enhance technical safeguards. While the organization denied wrongdoing, it agreed to a $500,000 class action settlement to resolve claims and avoid prolonged litigation.
$500,000 class action settlement approved in Minnesota court
The settlement was approved in Ramsey County District Court in Minnesota, covering both the New York Blood Center and Memorial Blood Centers. Under the agreement, eligible class members can choose between two cash payment options, depending on whether they experienced documented financial harm tied to the breach.The settlement fund is limited. That means timely filing matters, and payments may be adjusted depending on how many valid claims are submitted before the deadline. Legal experts note that many data breach settlements see low participation, which can increase individual payouts. But missing the deadline guarantees zero compensation.
In addition to cash payments, all eligible class members are entitled to one year of CyEx Medical Shield Pro, a service that includes $1 million in medical identity theft insurance, plus monitoring for healthcare insurance ID and medical record number misuse. Medical identity theft often surfaces slowly, sometimes years after an incident, which is why this coverage is included even for those who do not claim cash.
Who is eligible to file a New York Blood Center settlement claim
Eligibility is narrowly defined. According to court documents and the official settlement administrator, the class includes all U.S. residents who received notice that their private information was compromised in the January 2025 New York Blood Center data incident.Most eligible individuals were sent a written or emailed notice directly from NYBC. That notice typically included a unique Notice ID and PIN, which can be used to submit a claim online. However, receiving a notice is not always required. Individuals who believe they were affected but are unsure can still verify their status through the settlement administrator.
The administrator can be contacted by mail, phone, or email. Verification is important, because only confirmed class members are eligible to receive payments or benefits under the settlement terms.
How much money can victims receive from the settlement
The settlement offers two distinct cash payment paths, designed to reflect different levels of harm.The first option allows eligible claimants to seek up to $2,500. This option is for individuals who can document out-of-pocket losses linked to identity theft or fraud that occurred between January 26, 2025, and February 11, 2026. Acceptable documentation may include bank statements, credit reports, invoices, or receipts showing fraudulent charges, unreimbursed losses, or expenses related to preventing identity theft.
The second option is a flat cash payment of $20, available with no documentation required. This amount may increase or decrease depending on the total number of approved claims and the size of the settlement fund. While modest, this option is designed to ensure compensation even for those who did not experience immediate financial harm.
Consumer advocates stress that data breach impacts are often delayed. Even individuals who have not yet suffered fraud may still face future risks, which is why filing a claim can be worthwhile.
Claim deadline is February 11, 2026, with online filing fastest
The final deadline to submit a claim is Wednesday, February 11, 2026. Claims submitted after that date will not be accepted under any circumstances.The fastest and most reliable way to file is through the official settlement website, using the online claim form. Claimants may also submit a paper form by mail, but it must be postmarked by February 11, 2026, to be considered valid.
Legal analysts note that last-minute surges are common in data breach settlements, which can slow processing times. Filing early reduces the risk of technical issues or incomplete submissions. Once approved, payments will be distributed after final court review and administrative processing, a step that can take several months.
Nearly 194,000 Americans face a February 11, 2026 deadline to claim money from a $500,000 data breach settlement tied to the New York Blood Center. Exposed data includes Social Security numbers, medical records, and bank details. Eligible victims can claim up to $2,500 with proof or a flat cash payment without documents.
FAQs:
1: Who is eligible for the New York Blood Center data breach settlement?About 194,000 U.S. residents qualify if they received notice that their personal or medical data was exposed in the January 2025 cyberattack. Eligibility is limited to individuals whose information was confirmed compromised by the New York Blood Center or Memorial Blood Centers. Proof of notice or verification through the settlement administrator is required.
2: How much money can I get from the New York Blood Center settlement?
The settlement fund totals $500,000, with individual payouts capped at $2,500 for documented identity theft or fraud losses. Claimants without financial proof can still receive a flat $20 cash payment, subject to adjustment based on total approved claims.
3: What personal data was exposed in the New York Blood Center breach?
The breach exposed highly sensitive data, including Social Security numbers, dates of birth, blood types, medical test results, and some direct-deposit banking details. Cybersecurity filings confirm the intrusion lasted six days, increasing long-term identity theft and medical fraud risks.
4: What is the deadline to file a New York Blood Center data breach claim?
All claims must be submitted online or postmarked by February 11, 2026. Claims filed after this date are legally barred, regardless of eligibility. Settlement administrators report late filings are automatically rejected under court-approved terms.
