The corporate network of Purpose Financial, Inc., which the majority of people still refer to as Advance America, experienced a problem in February 2023. An unauthorized third party gained access, navigated the system, and took files with thousands of customers’ names and Social Security numbers. At the time, it didn’t make the front page. Seldom do these occurrences. For those whose data was stolen, however, the harm was subtle, gradual, and takes months to fully manifest.
The U.S. District Court for the District of South Carolina received the subsequent lawsuit, Hernandez et al. v. Purpose Financial, Inc. The plaintiffs claimed unjust enrichment, implied contract violations, negligence, and violations of state privacy and consumer protection laws. Throughout, Purpose Financial, which provides short-term lending products, cash advances, and payday loans, denied any misconduct. Naturally, that denial is standard legal procedure, but it doesn’t give much comfort to someone who received a letter informing them that their Social Security number might have been compromised.
The $7.75 million settlement that was ultimately reached is a non-reversionary fund, which means that any claims are paid out rather than discreetly returned to the business. Those who lived in the United States at the time of the breach, whose name and Social Security number were found in the compromised files, and who received a formal notification letter from Purpose Financial are eligible class members. It is important to remember that you have to have received that letter. Considering those notices to be junk mail, many people discard them. Thousands of eligible claimants might not have even known they were eligible.
The settlement provides multiple options for compensation for those who do qualify. With the right paperwork, documented out-of-pocket losses, such as identity theft expenses, credit monitoring fees, professional fees paid to credit repair services, or even incident-related postage and notary costs, can be reimbursed up to $5,000. After that, all legitimate claimants are eligible for a pro rata cash payment of roughly $50, plus an extra $50 for Californians who were residing in the state at the time of the breach. It’s not dramatic math. However, for those who were never asked if their information could be used in this manner, it’s real money.
Data breach settlements in 2025 and 2026 have a certain familiarity. They are now nearly predictable: a breach occurs, legal action is taken, a fund is created, class members are informed, and the majority of people never submit a claim. It is handled by the legal system, businesses get paid, and the business keeps running. These cases are not insignificant because of that rhythm. If anything, it makes them more easily disregarded than they ought to be.
The variety of subsidiaries involved in the Hernandez case is noteworthy. Customers of Purpose Financial’s nine regional affiliates in California, Florida, Indiana, Kentucky, Michigan, Mississippi, Nevada, Ohio, and Tennessee are covered by the settlement. For what is essentially a network of cash advance storefronts, that is a large geographic footprint. Individuals who utilize these services frequently already face financial instability. They were unprepared for the additional layer of vulnerability that comes with having their Social Security numbers made public.
In February 2026, the settlement’s claim deadline passed. That window is closed for anyone who missed it. However, the case itself serves as a helpful reminder that businesses that handle sensitive financial data in the short-term lending sector have real obligations, and that there are legal mechanisms that can, albeit imperfectly, hold them accountable when those obligations fall short. It’s reasonable to wonder if $7.75 million is sufficient to accomplish that. Most likely, it is not. However, it’s also not nothing.
