U.S. Bank Data Breach Lawsuit Investigation
Received a June 2026 breach notice from U.S. Bank?
Dapeer Law, P.A. is investigating a potential class action against U.S. Bank National Association, the consumer-banking arm of U.S. Bancorp, on behalf of customers whose credit-card information may have been exposed in a security incident at a third-party service provider that reached the bank through its vendor, Fidelity National Information Services (FIS).
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from U.S. Bank dated June 2026.
- Your letter offered enrollment in free myTrueIdentity credit monitoring and identity-theft protection (a TransUnion service).
- You had credit-card information held by U.S. Bank in its capacity as a banking and financial services provider.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
According to a notice filed with the Massachusetts Attorney General, U.S. Bank was informed on May 7, 2026 that a third-party service provider supporting its vendor, Fidelity National Information Services (FIS), had experienced a security incident. After reviewing the matter, U.S. Bank confirmed on May 19, 2026 that the incident affected certain U.S. Bank customer data and determined that some credit-card information had been subject to unauthorized access.
U.S. Bank began mailing notice letters to affected individuals on or around June 30, 2026, and the incident was publicly filed with the Massachusetts Attorney General on July 3, 2026. The filing reports that 537 individuals, all Massachusetts residents, were affected. According to the notice, the exposed information was limited to name, mailing address, and credit card number. The notice did not list Social Security numbers, online banking credentials, or account balances as involved. U.S. Bank is reissuing affected credit cards at no cost and is offering 12 months of complimentary credit monitoring and identity-theft protection through TransUnion's myTrueIdentity service, which affected individuals may activate using the code in their letter through January 31, 2027.
Because credit-card numbers were exposed alongside names and mailing addresses, affected individuals face an elevated risk of payment-card fraud. Cardholders should monitor their statements for unauthorized charges, activate the replacement card issued by the bank, and consider placing a fraud alert or security freeze with the major credit bureaus.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter contains the enrollment code for myTrueIdentity credit monitoring and is important evidence if you decide to participate in a lawsuit.
Enroll in the free 12-month credit monitoring
Enroll in the myTrueIdentity (TransUnion) monitoring offered in your letter before the January 31, 2027 deadline. Accepting this benefit does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide.
Because a credit-card number was exposed, activate the replacement card U.S. Bank is reissuing at no cost, review your card statements for unfamiliar charges, and consider requesting a free copy of your credit reports at annualcreditreport.com.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options, and advise whether you may be eligible to join a class action against U.S. Bank.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines,
Given the exposure of credit-card numbers, affected individuals may face unauthorized charges and payment-card fraud, and should document any losses or time spent resolving fraudulent activity.
or tax refund fraud tied to the breach.Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring U.S. Bank and its third-party vendors to implement stronger data security practices, including enhanced oversight of service providers with access to customer card data.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from U.S. Bank. What should I do? +
Keep your breach notice letter, it contains your myTrueIdentity enrollment code and serves as evidence if you pursue legal action. Enroll in the free 12-month credit monitoring and identity-theft protection through TransUnion's myTrueIdentity service before the January 31, 2027 deadline. Activate the replacement credit card U.S. Bank is reissuing at no cost, place a fraud alert or security freeze with Equifax, Experian, and TransUnion, and watch your card statements for unfamiliar charges. If you notice suspicious activity, report it and consider speaking with a data breach attorney.
Am I eligible to join a class action against U.S. Bank? +
You may be eligible if you received a breach notice from U.S. Bank dated on or around June 30, 2026, or if you experience unauthorized use of information exposed in the incident. Eligibility for a class action can also depend on your state of residence, the categories of data exposed in your case, and any documented losses. The Massachusetts filing lists 537 affected Massachusetts residents. Completing a free case evaluation with Dapeer Law is the best way to assess your individual circumstances.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
According to U.S. Bank's notice, the exposed information was limited to name, mailing address, and credit card number. The notice did not list Social Security numbers, online banking credentials, or account balances as involved. Check your individual notice letter to confirm which specific data types apply to you.
Did U.S. Bank offer free credit monitoring? +
Yes. U.S. Bank is offering 12 months of complimentary credit monitoring and identity-theft protection through TransUnion's myTrueIdentity service, and is also reissuing affected credit cards at no cost. Enrollment instructions and your unique code are included in your notice letter, and the enrollment deadline is January 31, 2027. Enrolling in this benefit does not waive your right to participate in a lawsuit.
How many people were affected by the U.S. Bank breach? +
The Massachusetts Attorney General filing lists 537 affected individuals, all of whom are reported to be Massachusetts residents. The total number affected nationwide may be updated as more information becomes available, and this page will be updated accordingly.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
U.S. Bank's breach notice was filed with the Massachusetts Attorney General's Office and is publicly available through the Massachusetts AG's data breach reporting portal. You can also obtain a copy of the relevant notice during a free consultation with Dapeer Law.
Sources & references
- Official breach notice filing · Massachusetts Attorney General, Data Breach Notification
- Company · U.S. Bank National Association (usbank.com)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.