Tangoe US $5750 Settlement Over 2022 Data Breach Exposing Sensitive Personal Info

Tangoe US Inc. agreed to a class action settlement stemming from a targeted cyberattack in November 2022 that allegedly allowed unauthorized access to files containing highly sensitive personal data. According to the claims, the exposed information could include names, dates of birth, Social Security numbers, financial account details, and even medical and health insurance information—exactly the kind of data that can fuel identity theft, account takeovers, and medical fraud long after a breach is discovered. The lawsuit was filed on the theory that Tangoe did not adequately safeguard this information and should be responsible for the costs and time consumers spend protecting themselves after such an incident. Without admitting wrongdoing, Tangoe settled to avoid the expense and uncertainty of continued litigation, offering class members reimbursement for documented out-of-pocket losses (up to $750), compensation for certain identity-theft-related “extraordinary losses” (up to $5,000), an alternative $50 cash payment for those without documented losses, and two years of three-bureau credit monitoring—amounting to a potential $5,750 for qualifying claims, with deadlines extending into 2026. This case fits a larger pattern in which companies facing data-breach claims resolve disputes by funding credit monitoring and limited cash payments, while plaintiffs argue that the real harm is the increased risk and ongoing burden of preventing fraud. It also reflects broader industry pressure and legal expectations to use “reasonable” security controls—especially when handling Social Security numbers and health-related data—under frameworks like state data-breach notification laws (and, where applicable, health-privacy rules such as HIPAA for covered entities and their vendors), as well as regulators’ growing focus on incident response, access controls, and timely notice to affected individuals