U.S. Bank Data Breach Lawsuit Investigation

Active investigation · Free, confidential case review
Call (954) 799-5914
Data Breaches / U.S. Bank
Active investigation Data breach · Banking & Financial Services Notices mailed Jun 30, 2026

Received a June 2026 breach notice from U.S. Bank?

Dapeer Law, P.A. is investigating a potential class action against U.S. Bank National Association, the consumer-banking arm of U.S. Bancorp, on behalf of customers whose credit-card information may have been exposed in a security incident at a third-party service provider that reached the bank through its vendor, Fidelity National Information Services (FIS).

Submit your claim See what to do No fee unless we recover for you
Breach window
May 2026
Third-party provider incident via FIS
Notification delay
54 days
Notified May 7, 2026, letters mailed June 30, 2026
Credit monitoring
12 months
Through myTrueIdentity (TransUnion)
Eligibility

Who may qualify

You may be eligible to participate in a class action if any of the following applies:

  • You received a data breach notification letter from U.S. Bank dated June 2026.
  • Your letter offered enrollment in free myTrueIdentity credit monitoring and identity-theft protection (a TransUnion service).
  • You had credit-card information held by U.S. Bank in its capacity as a banking and financial services provider.
  • No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
  • Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.

Not sure if you qualify?

Send us your notice, we'll confirm your eligibility at no cost.

Check eligibility
Background

What happened

According to a notice filed with the Massachusetts Attorney General, U.S. Bank was informed on May 7, 2026 that a third-party service provider supporting its vendor, Fidelity National Information Services (FIS), had experienced a security incident. After reviewing the matter, U.S. Bank confirmed on May 19, 2026 that the incident affected certain U.S. Bank customer data and determined that some credit-card information had been subject to unauthorized access.

U.S. Bank began mailing notice letters to affected individuals on or around June 30, 2026, and the incident was publicly filed with the Massachusetts Attorney General on July 3, 2026. The filing reports that 537 individuals, all Massachusetts residents, were affected. According to the notice, the exposed information was limited to name, mailing address, and credit card number. The notice did not list Social Security numbers, online banking credentials, or account balances as involved. U.S. Bank is reissuing affected credit cards at no cost and is offering 12 months of complimentary credit monitoring and identity-theft protection through TransUnion's myTrueIdentity service, which affected individuals may activate using the code in their letter through January 31, 2027.

Because credit-card numbers were exposed alongside names and mailing addresses, affected individuals face an elevated risk of payment-card fraud. Cardholders should monitor their statements for unauthorized charges, activate the replacement card issued by the bank, and consider placing a fraud alert or security freeze with the major credit bureaus.

Data Breach Third-Party Vendor Credit Card Data Banking Massachusetts Attorney General
Action plan

What to do if you received a letter

1

Keep your notice letter

Do not discard it. Your letter contains the enrollment code for myTrueIdentity credit monitoring and is important evidence if you decide to participate in a lawsuit.

2

Enroll in the free 12-month credit monitoring

Enroll in the myTrueIdentity (TransUnion) monitoring offered in your letter before the January 31, 2027 deadline. Accepting this benefit does not waive your right to pursue legal action.

3

Place a fraud alert or credit freeze

Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide.

Because a credit-card number was exposed, activate the replacement card U.S. Bank is reissuing at no cost, review your card statements for unfamiliar charges, and consider requesting a free copy of your credit reports at annualcreditreport.com.

4

Speak with a data breach attorney

Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options, and advise whether you may be eligible to join a class action against U.S. Bank.

Submit your notice for a free review

Two minutes online. A licensed attorney reviews every submission.

Submit your claim
Timeline

Breach timeline

May 7, 2026 Passed
U.S. Bank notified of a security incident at a third-party provider supporting its vendor FIS
May 19, 2026 Passed
Bank confirmed U.S. Bank customer credit-card data was impacted
June 30, 2026 Passed
Notice letters mailed to affected individuals
July 3, 2026 Passed
Breach details filed with the Massachusetts Attorney General
Jan 31, 2027 Active
Deadline to enroll in complimentary myTrueIdentity credit monitoring
Pending Active
Potential class action filing
Statutes of limitations vary by state and legal theory, typically one to six years. Waiting can permanently bar your claim.
Possible recovery

Compensation you may be entitled to

Out-of-pocket expenses

Credit freezes, identity restoration services, and other costs incurred responding to the breach.

Time spent monitoring

Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.

Identity theft & fraud losses

Unreimbursed funds stolen from accounts, unauthorized credit lines,

Given the exposure of credit-card numbers, affected individuals may face unauthorized charges and payment-card fraud, and should document any losses or time spent resolving fraudulent activity.

or tax refund fraud tied to the breach.

Statutory damages

Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.

Injunctive relief

Court orders requiring U.S. Bank and its third-party vendors to implement stronger data security practices, including enhanced oversight of service providers with access to customer card data.

Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.

FAQ

Common questions

I received a data breach letter from U.S. Bank. What should I do? +

Keep your breach notice letter, it contains your myTrueIdentity enrollment code and serves as evidence if you pursue legal action. Enroll in the free 12-month credit monitoring and identity-theft protection through TransUnion's myTrueIdentity service before the January 31, 2027 deadline. Activate the replacement credit card U.S. Bank is reissuing at no cost, place a fraud alert or security freeze with Equifax, Experian, and TransUnion, and watch your card statements for unfamiliar charges. If you notice suspicious activity, report it and consider speaking with a data breach attorney.

Am I eligible to join a class action against U.S. Bank? +

You may be eligible if you received a breach notice from U.S. Bank dated on or around June 30, 2026, or if you experience unauthorized use of information exposed in the incident. Eligibility for a class action can also depend on your state of residence, the categories of data exposed in your case, and any documented losses. The Massachusetts filing lists 537 affected Massachusetts residents. Completing a free case evaluation with Dapeer Law is the best way to assess your individual circumstances.

How much money could I receive from a class action lawsuit? +

Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.

What personal information was exposed in the breach? +

According to U.S. Bank's notice, the exposed information was limited to name, mailing address, and credit card number. The notice did not list Social Security numbers, online banking credentials, or account balances as involved. Check your individual notice letter to confirm which specific data types apply to you.

Did U.S. Bank offer free credit monitoring? +

Yes. U.S. Bank is offering 12 months of complimentary credit monitoring and identity-theft protection through TransUnion's myTrueIdentity service, and is also reissuing affected credit cards at no cost. Enrollment instructions and your unique code are included in your notice letter, and the enrollment deadline is January 31, 2027. Enrolling in this benefit does not waive your right to participate in a lawsuit.

How many people were affected by the U.S. Bank breach? +

The Massachusetts Attorney General filing lists 537 affected individuals, all of whom are reported to be Massachusetts residents. The total number affected nationwide may be updated as more information becomes available, and this page will be updated accordingly.

Is there a deadline to take legal action? +

Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.

How do I get a copy of the official breach notice? +

U.S. Bank's breach notice was filed with the Massachusetts Attorney General's Office and is publicly available through the Massachusetts AG's data breach reporting portal. You can also obtain a copy of the relevant notice during a free consultation with Dapeer Law.

References

Sources & references

Attorney advertising. This page is provided for informational purposes only. It does not constitute legal advice or form an attorney-client relationship. Dapeer Law, P.A. is not affiliated with U.S. Bank National Association, myTrueIdentity, or any credit bureau. Prior results do not guarantee a similar outcome. All information regarding the data incident is drawn from the official notification filed with Massachusetts Attorney General on June 30, 2026.
Free, confidential case review

Don't let the deadline decide for you. Submit your claim today.

You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.

Why Dapeer Law

Practice focusConsumer class actions
Licensed inFL · NY · NJ · IL
Case review fee$0
Response timeSame business day
Free case review
Confidential · 2 minutes
Submit claim →
Next
Next

T.A. Solberg Co., Inc. Data Breach Lawsuit Investigation