San Francisco 49ers agree to pay out victims of 2022 data breach

The San Francisco 49ers have agreed to settle a class action lawsuit stemming from a data breach, reaching a deal to pay out nearly 21,000 affected employees and fans.

Just before Super Bowl LVI, in February 2022, the BlackByte ransomware gang attacked the NFL team, obtaining access to Social Security numbers and other personally identifiable information in an incident first reported by The Record. The group also leaked business documents belonging to the 49ers on its leak site.

According to The Athletic, three class action lawsuits related to the breach were combined into one case. The plaintiffs filed settlement papers on Thursday in California federal court, the site reported, which they described as an “unopposed motion.”

Under the settlement agreement, “class members” can recoup up to $2,000 of “ordinary” expenses stemming from the breach, while those who experienced extraordinary expenses are entitled to up to $7,500. Class members are also eligible for two years of identity protection services.

In a statement to The Record, a 49ers spokesman said: “We cannot comment on an ongoing piece of litigation other than to say we take seriously our responsibility to safeguard personal and sensitive information entrusted to us.”

Data breaches are increasingly followed by class action lawsuits — a double-whammy for businesses recovering from a cyberattack. The Service Employees International Union, for example, recently agreed to pay union members $550,000 total following a 2021 data breach that compromised their information.

In mid-May, Massachusetts-based Maxim Healthcare agreed to pay more than 28,000 victims of a 2021 breach up to $5,000 each.

Jonathan Greig contributed to this story.