Chime Lawsuit 2026: The Complete Guide to the Class Action, Data Breach, and What Comes Next

What Is the Chime Lawsuit? (And Why Are So Many People Searching for It Right Now?) 

If you woke up on April 1, 2026, and found yourself locked out of your Chime account — unable to see your balance, transfer money, or pay rent — you were not alone. Thousands of Chime users experienced the same thing that morning, and within 48 hours, the first federal class action lawsuit had already been filed against the company. Three more followed within two weeks.

Here is what happened, who is suing, what the lawsuits actually allege, and — the question most people have — how much a Chime settlement payout per person might look like if the case settles.

The short answer on the settlement: there is no Chime settlement yet. The case was filed in April 2026 and is in early-stage federal litigation. No claim form exists. Anyone telling you otherwise is running a scam.

Chime Lawsuit 2026 — Key Facts at a Glance
Case Name	Castaneda et al. v. Chime Financial Inc.
Case Number	3:26-cv-02924 (N.D. California)
Date of Breach	April 1, 2026
Lawsuits Filed	3 separate federal class actions
Named Plaintiffs	Cindy Castaneda, Lauren Goodloe, Melissa Porter, Michael Walsh
Alleged Attacker	Team 313 — Iran-linked hacktivist group
Settlement Status	NO settlement reached as of May 2026 — active litigation
Claim Form	Not yet available — no form open at this time
CFPB Fine (2024)	$3.25 million for delayed account refunds
Plaintiff’s Law Firm	Strauss Borrelli PLLC (Carly M. Roman)

What Happened on April 1, 2026? The Chime Data Breach Explained

On April 1, 2026, a cybercriminal group called Team 313 — also known as The Islamic Cyber Resistance in Iraq, an Iran-linked hacktivist organization — allegedly breached Chime’s internal servers and triggered a platform-wide outage. For several hours, users across the United States could not log in, view account balances, send money, or use the mobile app. For some, the disruption was a minor inconvenience. For others, it meant missed rent payments, overdraft fees, and real financial harm.

What Team 313 claims it stole: The group allegedly took responsibility online for the attack, claiming to have exfiltrated sensitive customer data including Social Security numbers, email and postal addresses, phone numbers, and account login credentials. The lawsuits allege this data is now at risk of misuse or sale.

What Chime says: Chime publicly stated it identified and quickly resolved a brief disruption affecting only its marketing website, Chime.com, and that no member information or funds were compromised. Chime has not confirmed any data breach.

Why the gap matters: The lawsuits do not require Chime to have admitted a breach. They argue that the disruption itself — and Chime’s alleged failure to adequately protect its systems — caused real harm, regardless of whether specific customer data has been misused yet. Courts have found this sufficient to establish standing in dozens of data breach class actions.

Key allegation from the 33-page complaint (per ClassAction.org):Chime acted with ‘wanton and reckless disregard’ for the data in its possession, exposing users to a ‘substantially increased risk of fraud, misuse, and identity theft.’

What the Chime Data Breach Lawsuit Actually Alleges — The Three Core Legal Claims 

Three separate class action complaints have now been filed against Chime in the Northern District of California. Together, they make three core legal arguments:

• Negligence: Chime failed to maintain adequate cybersecurity safeguards and did not properly train employees to prevent intrusions of this type. The second complaint (filed April 7 by Melissa Porter) specifically cites Chime’s failure to implement multi-factor authentication (MFA) and proper data encryption — both considered industry-standard protections in 2026.
• Breach of Contract: When customers opened Chime accounts, they reasonably expected their data and banking access to be protected. Chime’s privacy policy explicitly acknowledges its legal obligations to safeguard user information. The lawsuits argue Chime failed to honor that commitment.
• California State Law Violations: Chime is alleged to have violated the California Unfair Competition Law (UCL) and the California Consumer Privacy Act (CCPA), which impose strict obligations on companies that collect and store personal financial data.

Critically, the plaintiffs also allege that Chime had not formally notified affected customers of the breach at the time of filing — leaving people without the information they needed to protect their own identities and finances. Under CCPA, companies are generally required to notify affected individuals in a reasonable time.

Relevant Readings on Attorneys Magazine: Generational Equity Lawsuit Fischer Homes Lawsuit Nightfall Group Lawsuit

Chime vs. Other Fintech Lawsuits: Why This Case Is Bigger Than It Looks

Chime is not the first fintech to face a data breach class action. But the combination of factors here is unusual — and potentially significant for the size of any eventual settlement:

• Scale: Chime is the largest digital bank in the United States by customer count, with an estimated 22 million account holders. Even a fraction of affected users represents a massive potential class.
• Prior regulatory record: The CFPB has already fined Chime $3.25 million (2024) for delayed refunds, and Chime paid $2.5 million to settle a California DFPI complaint. Courts weigh prior regulatory history when evaluating settlement demands.
• Iran-linked attacker angle: The alleged involvement of an Iran-linked hacktivist group (Team 313) raises national security questions that could bring additional regulatory attention beyond the CFPB, including potential OFAC scrutiny.
• No FDIC charter: Chime is not a bank — it partners with Bancorp Bank and Stride Bank. This structure means customer deposits may have been at risk through a third-party compliance gap, a pattern that regulators have repeatedly flagged.
• Multiple simultaneous lawsuits: Three separate complaints were filed within 17 days of the breach, with four named plaintiffs. This speed suggests organized plaintiff counsel who may push aggressively for early certification and settlement.

Chime’s Regulatory Record: The $3.25 Million CFPB Fine Explained 

⚠️  CFPB Enforcement Action — May 2024 The Consumer Financial Protection Bureau fined Chime Financial $3.25 million in May 2024 for illegally delaying the return of account balances after customer accounts were closed. In thousands of cases, Chime took longer than 90 days to issue refund checks. Affected customers were left unable to pay for groceries, rent, or other daily necessities.Additionally, Chime paid $2.5 million to the California DFPI in February 2024 for mishandling customer complaints during 2021. These enforcement actions are now part of the regulatory context courts will consider when evaluating the 2026 data breach lawsuit.

Under the CFPB consent order (which remains active for five years), Chime is required to provide refunds within 14 days of account closure, pay affected customers between $25 (for balances under $10) and $150 or more (for balances over $10), and submit compliance reports annually. This order directly informs payout estimates in the account-freeze class action.

Chime Class Action Lawsuit Timeline: What Has Happened and What Comes Next

April 1, 2026	Cyberattack by Team 313 hits Chime’s servers. Platform-wide outage. Thousands of users locked out. Chime calls it a ‘brief disruption to marketing website only.’
April 3, 2026	First class action filed by Castaneda & Goodloe (Strauss Borrelli PLLC) in N.D. California — Case No. 3:26-cv-02924.
April 7, 2026	Second complaint filed by Melissa Porter, specifically citing Chime’s failure to implement MFA and encryption.
April 17, 2026	Third complaint filed by Michael Walsh (Los Angeles), alleging ongoing identity theft risk and harm.
May 2026	Case in early litigation. No judge assignment, no discovery schedule, no trial date set. No settlement.
2026–2027 (projected)	Class certification motion expected. Discovery phase begins. Resolution: 2–4 years based on comparable fintech class actions.

Chime Settlement Payout Per Person: Realistic Estimates for 2026

This is the question most Chime customers are asking. The honest answer is that no payout has been determined because no settlement has been reached. However, based on comparable data breach and fintech class actions, legal analysts have developed the following projections:

Scenario	Estimated Payout	Basis
Basic disruption / service outage with no documented loss	$50 – $150	Standard data breach class awards
Documented late fees, missed payments, or NSF charges	$150 – $500	Comparable fintech settlements
Verifiable identity theft or credit damage	$500 – $2,000+	Based on CFPB enforcement precedent
Account-freeze claimants (prior case)	$25 – $500+	Per CFPB 2024 consent order terms
CEMA spam-text claimants (per text)	$500+ per message	Washington Consumer Electronic Mail Act statutory damages

Important context: Class action settlements in data breach cases are almost always divided among all claimants, meaning the more people who file claims, the smaller the individual payout. Documenting your specific harm — late fees, credit damage, identity theft — is the single most effective thing you can do to increase your individual recovery.

💡 Pro Tip — What documentation maximizes your claim: 1. Screenshots of the April 1 outage (with date/time visible) 2. Bank statements showing late fees, NSF charges, or returned payments 3. Emails or messages from landlords, creditors, or employers about missed payments 4. Credit monitoring alerts showing unusual activity post-breach 5. Any communication from Chime acknowledging the disruption

Chime Settlement 2026: How to Apply — Step-by-Step Guide

🚨  STATUS AS OF MAY 2026: NO CLAIM FORM IS OPEN No Chime settlement claim form exists. No official settlement website has been created. If you find a website claiming to collect your information for a ‘Chime settlement claim,’ it is a scam. Do not enter your Social Security number, bank details, or personal information anywhere except an official, court-approved claims website — which will only appear after a judge approves a settlement.

When a settlement is reached, here is exactly how the process will work:

1. Class members will be notified automatically by email or mail at the address on file with Chime. Check your inbox and spam folder once any settlement is announced publicly.
2. An official settlement website will go live 30–60 days before the claims deadline. Only use the court-approved URL — it will typically end in .com or .net with the case name in the URL, not a third-party site.
3. Complete the online claim form with your Chime account details, the period when your account was active, and a description of any harm you experienced during the April 2026 outage.
4. Upload or mail supporting documentation — screenshots, bank statements, late fee notices, or any proof of financial harm.
5. Submit before the claims deadline. The window is typically 90–120 days from the settlement announcement. Missing it means forfeiting your right to recover from this specific settlement.

How to monitor for updates right now:

• Bookmark Case No. 3:26-cv-02924 on PACER (pacer.gov) — federal court records are public
• Sign up for alerts at TopClassActions.com or ClassAction.org for Chime-related updates
• Check the Chime app or email for any official breach notification from Chime
• File a complaint with the CFPB at consumerfinance.gov — this creates a record

Who Qualifies for the Chime Class Action? Eligibility Checklist

NEW — scannable eligibility table not found in competing articles

There are currently three separate legal actions against Chime. Your eligibility depends on which one applies to your situation:

Lawsuit	You May Qualify If…	Status
Data Breach (April 2026)	Had a Chime account active on or around April 1, 2026	✅
Data Breach (April 2026)	Experienced login failure, balance errors, or service outage	✅
Data Breach (April 2026)	Received (or did not receive) breach notification from Chime	✅
Data Breach (April 2026)	Suffered financial harm — late fees, NSF charges, missed payments	✅ Strong claim
Account-Freeze Case	Chime account closed without adequate notice (approx. 2020–2024)	✅
Account-Freeze Case	Received refund more than 14 days after account closure	✅
Account-Freeze Case	Never received refund of account balance	✅ Strong claim
CEMA Spam-Text Case	Washington State resident who received Chime referral texts without consent	✅

No action required to join a class action at this stage. You do not need to sign up, register, or hire a lawyer right now. If a settlement is reached, affected class members will be notified automatically. Taking action now means documenting your harm — not signing up for anything.

What Affected Customers Should Do Within 72 Hours

If you were a Chime customer on or around April 1, 2026, and you experienced any disruption — or you are simply concerned about what may have happened to your data — take these steps now:

• Change your Chime password immediately and enable two-factor authentication (2FA) in the app settings. If you reused your Chime password on any other accounts, change those too.
• Freeze your credit at all three bureaus — Equifax (equifax.com), Experian (experian.com), and TransUnion (transunion.com). A credit freeze is free and prevents new accounts from being opened in your name.
• Pull your free credit reports at AnnualCreditReport.com. Under current rules, all three bureaus must offer free weekly reports. Look for accounts, inquiries, or addresses you do not recognize.
• Place a fraud alert with any one of the three bureaus — it automatically notifies all three and requires lenders to take extra steps before approving new credit in your name.
• Document everything — screenshots of outage messages, bank statements showing any fees, emails from Chime. Date and timestamp matter. Save them in a folder labeled ‘Chime April 2026.’
• File a CFPB complaint at consumerfinance.gov/complaint. This creates an official record and adds your experience to the regulator’s database, which is used in enforcement actions.
• Do NOT use any third-party ‘claim’ websites claiming to process Chime settlement claims. None are legitimate as of May 2026.

Frequently Asked Questions — Chime Data Breach Lawsuit 2026

Is there a Chime data breach?
Yes — according to lawsuits filed in April 2026, an Iran-linked hacktivist group called Team 313 targeted Chime’s servers on April 1, 2026, causing a widespread platform outage and allegedly exposing customer data. Chime disputes that any member data was compromised, but three federal class action lawsuits argue otherwise. The courts have not yet made a determination.

What is the Chime settlement payout per person?
No payout has been set because no settlement has been reached. Based on comparable fintech class actions, individual payouts range from $50 for basic disruption claims to $500 or more for documented financial harm. Customers who can prove specific losses — late fees, identity theft, missed payments — tend to receive larger recoveries. The CFPB 2024 consent order set minimum refund amounts of $25 to $150 for account-freeze claimants.

How do I apply for the Chime settlement 2026?
You cannot apply yet. As of May 2026, no claims process exists and no settlement has been reached. When a settlement is approved by the court, an official claims website will open 30–60 days before the deadline. You will complete a form with your account information and documentation of any harm. Watch for official notifications by email or mail from Chime or the court. Do not submit your information to any unofficial site.

Is my money insured if Chime is hacked?
Chime is not a bank — it partners with FDIC-insured banks (Bancorp Bank and Stride Bank). Your deposits are insured by the FDIC up to $250,000 per depositor. The lawsuit is not about lost deposits; it is about unauthorized access to personal data and disruption to banking services. Your money was not stolen from your account in this breach, but your personal information may have been exposed.

Who is Team 313 and what is the Iranian connection?
Team 313, also called 313 Team or The Islamic Cyber Resistance in Iraq, is an Iran-linked hacktivist group that allegedly took public credit for the April 1, 2026, attack on Chime’s servers. The lawsuits describe them as cybercriminals who breached Chime’s internal systems and triggered the platform outage. The Iran connection is why you may see searches like ‘Chime Financial faces lawsuits over alleged Iranian-linked data breach.’

What data was stolen in the Chime data breach?
Plaintiffs allege that Team 313 accessed and potentially stole Social Security numbers, email and postal addresses, phone numbers, and Chime account login credentials. Chime has denied any member data was compromised. The courts have not made a determination, and specific, documented instances of individual data being misused have not yet been proven in the litigation.

Can Chime be held criminally responsible?
The class action lawsuits are civil matters — they seek monetary damages for affected customers, not criminal penalties. However, if evidence of willful negligence or fraudulent misrepresentation emerges, regulatory bodies like the FTC or CFPB could pursue separate enforcement action. The Iran-linked attacker angle could also trigger national security reviews, though Chime itself would not face criminal liability for being a victim of a foreign cyberattack.

What if Chime disputes the breach — does that kill the lawsuit?
No. Class action lawsuits regularly proceed even when the defendant denies liability. In data breach cases, plaintiffs typically argue that the risk of future harm — not just proven harm — is sufficient to establish their legal standing. Multiple federal courts have accepted this approach. Chime’s denial is standard practice in litigation and does not prevent the case from moving forward through discovery and class certification.

How long will the Chime lawsuit take?
Complex federal class actions — especially data breach cases — typically take two to five years from filing to final settlement or judgment. The account-freeze class action (a separate case filed earlier) was projected to resolve in 2026 after approximately two years. The April 2026 data breach case was just filed and is in the earliest stages of litigation. Expect a 2027–2028 resolution at the earliest if a settlement is reached voluntarily; longer if it goes to trial.

Legal Disclaimer: This article is for informational and educational purposes only. It does not constitute legal advice, and no attorney-client relationship is formed by reading this content. No settlement has been finalized in any of the referenced cases, and no claim form is currently available. Laws and court rulings may change; consult a qualified attorney for advice specific to your situation. The author and publisher are not responsible for any action taken based on information in this article.