ARCADIA, Calif.–A California state court has granted preliminary approval to a proposed $725,000 class-action settlement involving the former LA Financial Federal Credit Union following a 2024 data breach that allegedly exposed members’ personal information, according to court filings and settlement documents.
In mid-2025, LA Financial FCU merged into Credit Union of Southern California (CUSoCal).
The proposed settlement — not $750,000, as some reports have suggested — would resolve claims that the credit union failed to adequately protect sensitive customer data during a cybersecurity incident discovered in June 2024.
According to the settlement website and court documents, the breach involved unauthorized access to an employee email account and potentially exposed personally identifiable information belonging to members and other individuals.
Terms of Settlement
According to court filings, under the terms of the proposed agreement:
- The settlement fund totals $725,000.
- Class members may seek reimbursement for documented out-of-pocket losses tied to the breach.
- Eligible individuals also may receive credit-monitoring and identity-theft protection services.
- Attorneys’ fees could total as much as $241,666, subject to court approval.
- Service awards of up to $5,000 each could be paid to the named plaintiffs.
LA Financial denied wrongdoing in agreeing to the settlement, according to the filings. The credit union said it entered into the agreement to avoid the expense and uncertainty of continued litigation.
About the Breach
The lawsuit stemmed from a cyber incident discovered on or about June 10, 2024. According to breach notices filed with the California Attorney General’s office, LA Financial launched an investigation after detecting suspicious activity involving an employee’s email account.
Individuals affected by the breach later received notification letters advising them that personal information may have been compromised. Reports on the incident said the exposed data potentially included names and other sensitive information.
The settlement applies to U.S. residents whose information was compromised in the breach, according to the settlement administrator’s website. Claims are due by Aug. 5, 2026.
