The final approval for the $15 million Cash App data breach settlement marks a significant milestone for millions of users who were impacted by security incidents between 2018 and 2024. Following the final court hearing on March 27, 2025, the settlement administrator has transitioned into the payment processing phase. This legal resolution addresses multiple class-action lawsuits consolidated under the case Salinas, et al. v. Block, Inc. and Cash App Investing, LLC, focusing on unauthorized access to customer data and deficiencies in error resolution for fraudulent transactions.

Current Status of the Cash App Settlement Payouts

As of the second quarter of 2025, the settlement has received final judicial approval. This means the legal challenges to the settlement terms have been resolved, and the fund is now legally cleared for distribution. However, because the class includes millions of potential claimants, the distribution process is not instantaneous. The settlement administrator is currently reviewing the validity of each claim submitted before the November 18, 2024 deadline.

Individuals who filed a valid claim can expect their payments to be issued in waves. Historical data from similar fintech class actions suggest that once final approval is granted, the first batch of payments typically reaches consumers within 60 to 90 days, though complex claims requiring manual verification of documented losses may take longer. Most approved claimants are projected to receive funds throughout the middle and latter half of 2025.

Understanding the $15 Million Settlement Fund Breakdown

The settlement fund was established to compensate users for specific types of harm resulting from two primary security events: a 2021 incident involving a former employee downloading internal reports and a 2023 incident involving unauthorized access to customer accounts. The $15 million total is divided among several compensation categories to ensure that those with the most significant financial injuries receive a higher proportion of the recovery.

Out-of-Pocket Losses for Financial Harm

Claimants who could prove direct financial loss resulting from the data breaches or unauthorized account activity were eligible to claim up to $2,500. This category is strictly for documented expenses that have not been reimbursed by other sources (like banks or insurance).

Documented out-of-pocket losses include:

  • Costs associated with identity theft or fraud on a Cash App account.
  • Fees paid for credit monitoring or identity theft insurance.
  • Professional fees paid to accountants or attorneys to resolve issues stemming from the breach.
  • Unreimbursed bank fees, such as overdraft charges or transaction fees caused by unauthorized withdrawals.
  • Travel expenses related to resolving fraud, including mileage or transit costs to visit a bank or law enforcement agency.

To qualify for this high-tier payout, users were required to submit supporting documentation such as police reports, bank statements, or official correspondence with Cash App support.

Compensation for Lost Time

The settlement recognizes that resolving identity theft and account fraud is a time-consuming process. Users were permitted to claim compensation for up to three hours of their time spent dealing with these issues at a rate of $25 per hour, totaling a maximum of $75. Unlike out-of-pocket losses, this category often required only an "attestation," meaning the user swore under penalty of perjury that the time was spent on these activities, though specific descriptions of the actions taken were required.

Reimbursement for Unauthorized Transactions

A specific portion of the fund is dedicated to users who experienced unauthorized transfers but were denied reimbursement by Cash App during the initial error-resolution process. If a user can show they reported the fraud but were rejected, the settlement provides a mechanism to recover those specific funds, provided they fall within the August 23, 2018, to August 20, 2024, timeframe.

Why the Claim Deadline of November 18, 2024, is Final

The court-mandated deadline for submitting claims was November 18, 2024. In the legal framework of class actions, this date is a hard cutoff. If a user did not submit a claim through the official settlement website or via mail by this date, they have waived their right to a portion of the $15 million fund.

There are no "late entry" provisions for this specific settlement. The court uses these deadlines to finalize the total number of approved claimants, which then determines the "pro rata" distribution. If the total value of all approved claims exceeds the $15 million fund (after deducting administrative costs and attorney fees), the individual payouts will be reduced proportionally. Conversely, if the claims are fewer than expected, some categories might see higher payouts up to the capped limits.

How to Verify Your Claim Status

For users who did submit a claim on time, verification is handled through the official settlement portal. It is important to note that the settlement administrator typically communicates via the email address provided during the claim filing process.

Step 1: Locating Your Claim ID

When you submitted your claim in 2024, you should have received a confirmation email containing a unique Claim ID or Confirmation Code. This code is the primary identifier for your case.

Step 2: Accessing the Status Portal

By entering your Claim ID and the associated email address on the official administrator’s site, you can view the current status of your application. Statuses typically range from "Under Review" and "Pending Documentation" to "Approved" or "Payment Processing."

Step 3: Updating Payment Information

If your bank account has changed or your physical address has moved since November 2024, you must update this information through the portal immediately. Payouts are typically sent via the method selected at the time of filing (Digital Payment, Direct Deposit, or Paper Check).

Distinguishing Between the Data Breach Settlement and the Washington State Text Case

There has been significant confusion among users regarding which settlement they belong to. While the $15 million data breach settlement is nationwide, a separate $12.5 million settlement exists for a different issue involving unsolicited text messages.

The Washington State Spam Text Settlement

This case involves allegations that Cash App sent unsolicited referral text messages to individuals without their consent.

  • Eligibility: Primarily restricted to residents of Washington state who received these texts.
  • Deadline: The claims period for this case remains open significantly longer, with a deadline of late 2025.
  • Payouts: Estimated between $88 and $147 per person.
  • Final Approval: Expected to occur in late 2025 or early 2026.

If you are a Cash App user outside of Washington, you are likely only eligible for the $15 million security settlement, provided you filed by the 2024 deadline.

The CFPB Enforcement Action: A Separate Path for Refunds

Beyond the private class-action settlements, the Consumer Financial Protection Bureau (CFPB) took administrative action against Block, Inc. (the parent company of Cash App) in January 2025. This is not a lawsuit you had to "join" as a plaintiff; rather, it is a government-ordered penalty.

The CFPB ordered Cash App to provide approximately $120 million in refunds to customers and pay an additional $55 million in civil penalties. These refunds are specifically targeted at users who were victims of fraud or unauthorized withdrawals and were not adequately protected by Cash App’s error-resolution systems.

Key differences for the CFPB refunds:

  1. Automatic Eligibility: In many cases, the CFPB identifies impacted users through company records, and refunds may be issued automatically without a separate claim form.
  2. Scope: This covers broader systemic issues than the specific data breaches mentioned in the $15 million settlement.
  3. Timeline: The CFPB-ordered refunds are expected to be processed throughout 2025 and 2026 as the company complies with the federal order.

Historical Context: The 2021 and 2023 Security Incidents

To understand the necessity of these payouts, one must look at the breaches that triggered the litigation. The first major event occurred on December 10, 2021. A former employee of Cash App Investing, who had legitimate access to internal reports during their employment, downloaded those reports after their employment had ended.

The reports contained:

  • Full names of customers.
  • Brokerage account numbers.
  • Portfolio values and stock trading activity.
  • One-day trading history.

While passwords and Social Security numbers were not part of this specific download, the exposure of brokerage data created significant risks for phishing and targeted financial scams. Cash App did not publicly disclose this breach until April 2022, a delay that formed a core part of the plaintiffs' legal arguments regarding negligence.

The 2023 incidents involved more active account takeovers, where unauthorized third parties gained access to accounts due to what the lawsuit alleged were weak multi-factor authentication protocols and poor customer service response times for locked-out users.

How to Protect Your Cash App Account in 2025

While the settlements provide retroactive financial relief, proactive security is essential to prevent future losses. The 2025 legal resolutions have forced Cash App to implement more stringent security measures, but user-level security remains the first line of defense.

Enable Security Locks

Go to your Cash App settings and toggle on the "Security Lock." This requires your Passcode, Touch ID, or Face ID for every payment. This prevents unauthorized transfers if someone gains physical access to your phone or bypasses the initial app entry.

Use Two-Factor Authentication (2FA)

Ensure that your associated email and phone number are secured with their own two-factor authentication. Most Cash App "hacks" occur when a scammer takes over a user's email or performs a SIM swap on their phone number to intercept login codes.

Review Connected Accounts

Periodically check the "Linked Banks" section of your app. If you see a debit card or bank account that you do not recognize, unlink it immediately and contact Cash App support. Scammers often link their own accounts to siphon funds out of a victim's balance.

Beware of "Cash App Fridays" and Fake Support

Official Cash App support will never ask for your sign-in code, PIN, or for you to send a "test payment." Be extremely cautious of social media accounts claiming to be part of "Cash App Friday" or other giveaways, as these are primary vectors for phishing.

What to Do If You Missed the Settlement Deadline

If you missed the November 18, 2024, deadline for the $15 million data breach settlement, your options for recovery from that specific fund are exhausted. However, you may still have recourse through other avenues:

  1. Monitor CFPB Updates: As mentioned, the $120 million CFPB refund program is handled separately. Keep an eye on the official CFPB website for news regarding Block, Inc. and potential automatic refunds.
  2. Individual Arbitration: Some users choose to opt-out of class actions to pursue individual claims through arbitration. However, the deadline to opt-out of the Salinas settlement has also passed. If you did not opt-out, you are legally bound by the settlement and cannot sue Cash App individually for the same events.
  3. State-Specific Actions: Residents of certain states may have additional protections under state data privacy laws (like the CCPA in California). While the class action covers many of these, specific state-level investigations might yield separate results.

Summary of Key Payout Data

Category Maximum Amount Requirement
Out-of-Pocket Losses $2,500 Receipts, bank statements, police reports
Lost Time $75 ($25/hr) Attestation of time spent resolving fraud
Unauthorized Transactions Variable Proof of reported but denied fraud claims
Washington Text Case $147 (Est.) Residency in WA and receipt of spam texts

Frequently Asked Questions (FAQ)

What is the official website for the Cash App settlement?

The official site for the data breach and unauthorized transaction settlement is cashappsecuritysettlement.com. Users should be wary of any other URLs, especially those sent via unsolicited texts or emails, as they may be phishing attempts.

Why haven't I received my Cash App settlement check yet?

Payments only begin after "Final Approval," which was granted on March 27, 2025. Following approval, there is often a 30-day window for potential appeals. Once that window clears, the administrator begins the logistical process of sending millions of payments. Most users will see their funds in mid-to-late 2025.

Can I still sign up for the Cash App settlement in 2025?

For the $15 million data breach settlement (Salinas v. Block), the answer is no. The deadline was November 18, 2024. However, if you are a Washington resident, you may still be able to file for the separate $12.5 million text message settlement before its late 2025 deadline.

How will I receive the money?

During the claim process, you were asked to select a payment method. Options typically included direct deposit to a bank account, a credit to your Cash App balance, or a physical paper check sent to your mailing address.

Is the $2,570 amount real?

The figure of $2,570 often cited in news reports is a combination of the maximum $2,500 for documented losses and the $70-$75 for lost time. It is not a guaranteed amount for everyone. Most users who did not have documented financial losses will likely receive a much smaller "pro rata" share of the remaining fund.

What if I moved since I filed my claim?

You should return to the official settlement website and use your Claim ID to update your mailing address. If a paper check is mailed to an old address and returned, it can take months to have it reissued.

Does the settlement affect my ability to use Cash App?

No. Participating in the settlement does not impact your standing with Cash App. You can continue to use the app for sending and receiving money as usual.

Conclusion

The Cash App settlement represents a major win for consumer data privacy, providing a path for $15 million in direct relief to those affected by security lapses. While the window to file new claims for the primary data breach has closed, the focus now shifts to the distribution of funds. Claimants should remain patient as the administrator processes payments through the second half of 2025. By staying informed about the distinction between the class-action payouts, the Washington state text case, and the CFPB regulatory refunds, users can ensure they receive every dollar they are entitled to while maintaining a secure digital financial footprint.