Idaho National Laboratory Data Breach Settlement: $75 Cash No Proof + Up to $5,000 Claim

The Idaho National Laboratory data breach settlement offered affected individuals a $75 cash payment with no proof required, plus the ability to claim up...

The Idaho National Laboratory data breach settlement offered affected individuals a $75 cash payment with no proof required, plus the ability to claim up to $5,000 for documented fraud losses. The settlement stems from a November 2023 breach of INL’s Oracle HCM system, in which the hacktivist group SiegedSec stole sensitive personal data — including Social Security numbers, banking information, and medical records — belonging to 45,047 current and former employees, spouses, and dependents. If you were notified that your information was compromised in this incident, you were eligible to file a claim at INLDataSettlement.com. However, the claim filing deadline of February 28, 2026 has already passed. The Final Approval Hearing in *Dallimore v.

Idaho National Laboratory operated by Battelle Energy Alliance, LLC* (Case No. CV10-25-0742) is scheduled for March 19, 2026 at 9:00 a.m. MST via Zoom in the District Court for Bonneville County, Idaho. If you already filed your claim, your next step is to wait for final approval and payment distribution. If you missed the deadline, this article covers what happened, what the settlement included, and what options may still be available to you — including free credit monitoring through Experian that INL offered separately from the legal settlement.

Table of Contents

How Does the INL Data Breach Settlement Pay $75 With No Proof Required?

The no-proof-required $75 payment was designed to compensate class members for the time, hassle, and risk that inevitably follow a breach of this severity. Unlike most data breach settlements that require you to document specific losses or attest to hours spent dealing with the fallout, the INL settlement allowed any eligible class member to claim $75 simply by submitting a valid claim form. No receipts, no screenshots, no bank statements. This structure acknowledged a basic reality: when your Social Security number, banking information, and medical records are exposed, the damage is not hypothetical, even if you cannot point to a specific fraudulent charge on your statement yet.

For comparison, many data breach settlements offer only credit monitoring and require extensive documentation for any cash payout. The Equifax settlement, for instance, technically offered $125 cash but the amount was reduced to pennies per person because so many people filed. The INL settlement’s class size of 45,047 individuals is far smaller, which made a flat $75 payment more financially viable without the kind of dilution that plagued larger cases. Beyond the flat payment, class members who experienced actual out-of-pocket expenses — such as paying for credit freezes, replacing compromised documents, or spending on postage and phone calls related to the breach — could claim up to $1,000 with supporting documentation. Those who suffered extraordinary fraud-related losses tied to their compromised Social Security numbers could file for up to $5,000, though that required more substantial proof of the connection between the breach and the losses.

How Does the INL Data Breach Settlement Pay $75 With No Proof Required?

What Data Was Stolen in the Idaho National Laboratory Breach and Why It Matters

On November 19, 2023, attackers breached INL’s Oracle HCM cloud-based system at an off-site data center operated by a subcontractor. The hacktivist group SiegedSec publicly claimed responsibility for the attack. The data exposed was not limited to email addresses or usernames — it included full names, social Security numbers, dates of birth, email addresses, phone numbers, physical addresses, salary details, banking information, and medical treatment and health insurance information. that combination represents essentially a complete identity theft toolkit. The distinction matters because not all data breaches carry the same risk. A breach that exposes only email addresses and hashed passwords is an inconvenience.

A breach that exposes your Social Security number alongside your banking information and date of birth is a different category of threat entirely. With that combination, a bad actor does not need to guess security questions or phish for additional details — they already have what they need to open credit accounts, file fraudulent tax returns, or access existing financial accounts. The fact that medical and health insurance data was also compromised adds another layer, since medical identity theft can result in corrupted health records that are notoriously difficult to correct. However, if you were a dependent or spouse listed in the system rather than an employee, you may not have received direct notification about the breach in a timely manner. INL disclosed the breach on approximately December 12, 2023, but notification to all 45,047 affected individuals took additional time. If you suspect your information was in the INL system but never received a notice, the settlement administrator could be reached at (833) 417-4969 — though with the claim deadline passed, the practical options are now limited to credit monitoring and personal protective measures.

INL Settlement Compensation TiersNo-Proof Payment$75Ordinary Expenses (Max)$1000Extraordinary Losses (Max)$5000Source: INLDataSettlement.com

Who Was Behind the Attack and What Federal Investigators Found

SiegedSec, the group that claimed responsibility for the breach, is a hacktivist collective that has targeted government entities and organizations whose policies the group opposes. This was not a ransomware operation seeking payment or a state-sponsored espionage campaign targeting nuclear research data — it was a politically motivated attack aimed at embarrassing a high-profile federal contractor. SiegedSec posted stolen employee data publicly, which is a different threat model than breaches where data is sold quietly on dark web marketplaces. When data is dumped publicly, it becomes available to every opportunistic fraudster on the internet simultaneously, rather than being held by a single buyer. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) were involved in the investigation, which is standard for breaches affecting Department of Energy facilities.

INL operates as a federally funded research and development center managed by Battelle Energy Alliance, LLC, and its work includes nuclear energy research, national security programs, and critical infrastructure protection. The irony of a nuclear security laboratory suffering a data breach through a subcontractor’s cloud system was not lost on critics, and it raised broader questions about supply chain security in federal contracting. The subcontractor angle is worth noting because it illustrates a pattern seen repeatedly in major breaches. INL did not get hacked directly — the attackers went through an off-site data center operated by a third party. For affected individuals, the distinction between a direct breach and a subcontractor breach is meaningless in terms of personal impact. But it matters legally, and it mattered for the settlement, which named Battelle Energy Alliance as the defendant rather than the subcontractor.

Who Was Behind the Attack and What Federal Investigators Found

How to Maximize Your Claim Value — Flat Payment vs. Documented Losses

The settlement created a tiered structure that forced claimants to make a practical decision. The $75 no-proof payment was the simplest path: submit a form, get paid. But if you experienced actual losses, filing for documented reimbursement up to $1,000 — or up to $5,000 for extraordinary fraud — could have been significantly more valuable, provided you had the paperwork to back it up. The tradeoff was real. Filing for documented expenses required receipts, bank statements, or other proof showing you spent money dealing with the breach.

Credit monitoring subscriptions you purchased, fees for placing or lifting credit freezes, costs of replacing a driver’s license or other identity documents, and even long-distance phone charges related to fraud disputes all qualified as ordinary expenses under the $1,000 tier. The $5,000 extraordinary loss tier was reserved for cases where someone could demonstrate that their Social Security number was used fraudulently in a way directly connected to the INL breach — a higher bar that required showing causation, not just correlation. If your SSN was misused but you could not link it specifically to the INL incident, the claim might not have survived review. For most people who did not experience direct fraud, the $75 flat payment was the right choice. The time and effort required to compile documentation for a $200 or $300 reimbursement claim often does not make economic sense, particularly when many of those costs — like credit monitoring — were already being offered free through Experian as part of the settlement’s non-cash benefits.

What If You Missed the February 28, 2026 Claim Deadline?

The claim filing deadline was February 28, 2026, meaning claims had to be filed online or postmarked by that date. If you missed it, you are almost certainly out of luck for the cash portions of the settlement. Courts enforce claim deadlines strictly in class action cases, and late claims are typically rejected by the settlement administrator without exception. There is no standard process for requesting an extension after the fact, and judges rarely intervene on behalf of individual late filers. That said, missing the claim deadline does not mean you have no protections. INL offered free credit monitoring and identity theft restoration services through Experian independently of the lawsuit.

If you have not yet enrolled in that monitoring, check INL’s breach notification page at inl.gov/data-breach/ for current availability. You should also place fraud alerts or credit freezes with all three major credit bureaus if you have not already — this is free under federal law and does not depend on the settlement. One important limitation: if you did not opt out of the settlement by the January 29, 2026 deadline, you are bound by its terms regardless of whether you filed a claim. That means you released your legal claims against Battelle Energy Alliance related to this breach in exchange for the settlement benefits — even if you never collected any of those benefits. This is how class action settlements work, and it is one of the most criticized aspects of the system. You gave up your right to sue individually, and in return, you may have received nothing if you did not file on time.

What If You Missed the February 28, 2026 Claim Deadline?

Free Credit Monitoring Through Experian — What It Actually Covers

The settlement included comprehensive identity theft monitoring and restoration services through Experian at no cost to class members. This is separate from the cash compensation and typically provides dark web monitoring for your personal information, alerts when new accounts are opened in your name, and access to identity restoration specialists who can help you dispute fraudulent accounts if your information is misused. Credit monitoring is not a perfect solution — it tells you after the damage is done, not before.

But given the severity of the data exposed in the INL breach, monitoring is a reasonable minimum precaution. If your Social Security number, banking details, and medical information were all compromised, the risk window extends for years, not months. Identity thieves frequently sit on stolen data and use it long after the initial breach fades from the news. The Experian service provided through this settlement gives affected individuals a tool to at least detect misuse early, even if it cannot prevent it.

What the INL Breach Means for Federal Contractor Cybersecurity

The INL breach is part of a growing pattern of federal contractors and subcontractors being targeted by threat actors who recognize that government data often flows through private-sector systems with uneven security standards. A Department of Energy nuclear research facility’s employee data was compromised not through INL’s own network, but through a cloud-based HR system managed by a subcontractor. That supply chain vulnerability is precisely the kind of weakness that federal cybersecurity mandates — including CISA’s directives and evolving CMMC requirements — are supposed to address.

The Final Approval Hearing on March 19, 2026 will likely close the legal chapter of this case. But the broader issue of whether organizations like INL and Battelle Energy Alliance adequately secured employee data, and whether subcontractors met the security standards required for handling sensitive personnel information, remains a live question. For the 45,047 people whose most sensitive personal data was dumped publicly by hacktivists, the $75 check is a modest acknowledgment. The more lasting consequence should be systemic changes in how federal contractors manage and protect employee information systems — though history suggests those changes come slowly, if they come at all.

Conclusion

The Idaho National Laboratory data breach settlement provided three tiers of compensation for the 45,047 individuals affected: a $75 no-proof cash payment, up to $1,000 for documented ordinary expenses, and up to $5,000 for extraordinary fraud losses, along with free Experian credit monitoring. The breach itself was severe — SiegedSec’s attack on a subcontractor’s Oracle HCM system exposed Social Security numbers, banking information, medical records, and other highly sensitive personal data. The case, *Dallimore v. Battelle Energy Alliance*, is being heard in Bonneville County, Idaho, with final approval expected following the March 19, 2026 hearing.

If you filed a claim before the February 28, 2026 deadline, you should receive payment after final approval and the distribution process. If you missed the deadline, focus on enrolling in the free credit monitoring if you have not already, placing freezes on your credit reports, and monitoring your financial accounts closely. With Social Security numbers and banking information in the mix, the risk of identity theft extends well beyond the settlement timeline. Stay vigilant, and keep records of any suspicious activity in case future legal or insurance remedies become available.

Frequently Asked Questions

Can I still file a claim for the INL data breach settlement?

No. The claim filing deadline was February 28, 2026. Late claims are not being accepted. However, free credit monitoring through Experian may still be available through INL’s breach notification resources at inl.gov/data-breach/.

How much can I receive from the INL settlement?

Class members could claim $75 with no proof required, up to $1,000 for documented out-of-pocket expenses related to the breach, or up to $5,000 for extraordinary documented fraud losses connected to a compromised Social Security number. These tiers were not cumulative — the documented expense claims replaced the flat $75 payment.

Who is eligible for the INL data breach settlement?

All U.S. residents whose private information was compromised in the INL data incident disclosed on or about December 12, 2023. This includes current and former INL employees, as well as their spouses and dependents whose information was stored in the Oracle HCM system.

When will settlement payments be distributed?

Payments will be distributed after the court grants final approval. The Final Approval Hearing is scheduled for March 19, 2026. Distribution typically takes several weeks to months after approval, depending on the number of claims and any appeals.

What should I do if I experience identity theft related to the INL breach?

File a report with the FTC at IdentityTheft.gov, place fraud alerts or freezes with all three credit bureaus (Equifax, Experian, TransUnion), contact your bank and any affected financial institutions, and file a police report. If you enrolled in the Experian monitoring service, use their identity restoration specialists for additional help.

You Might Also Like

Browse more: Accountability | Addiction | Afghanistan | AI | Airlines