I never expected that one of my older medical bills would lead me down a maze of legal notices and settlement websites. But when I got a letter titled “Notice of Data Security Incident” from The Lash Group / Cencora, I knew I had to figure out what it meant, and whether there was actually money I could claim. After weeks of digging, I’m sharing everything I found, plus my own “claim journey,” so you don’t have to walk blind.
What Really Happened: The Cencora / Lash Group Data Breach
Cencora (formerly AmerisourceBergen) is a huge player in the healthcare supply chain. In 2024, they confirmed that hackers gained access to their systems, which potentially exposed personal data, things like names, addresses, dates of birth, medical and insurance information, and in some cases, financial details.
That breach triggered lawsuits, which eventually rolled into a class action settlement in 2025. If your data was part of the breach, you’re automatically included in the settlement unless you opt out.
Who Is Eligible for Compensation
If you received an official notice in the mail or by email, you’re likely already identified as a class member. Even if you didn’t get a letter, you can still check your eligibility on the official settlement website by entering some basic details.
From what I gathered, you qualify if your personal information was compromised during the timeframe of the incident. The settlement doesn’t just cover people who lost money, it also offers a cash payout option for those who were simply affected.
Types of Payouts
There are two main paths:
- Reimbursement for losses: If you had out-of-pocket costs tied to the breach (fraudulent charges, identity theft expenses, credit monitoring fees, etc.), you can file a claim for reimbursement. You’ll need to provide receipts or documentation.
- Flat cash payment: If you don’t have proof of losses, you can still claim a smaller cash payout as long as you’re part of the settlement class.
You have to pick one or the other, not both.
How to File a Claim
Here’s how the process went for me:
- I went to the official Cencora settlement website (the link was provided in the notice).
- I entered my Class Member ID from the letter, which pulled up my eligibility automatically.
- I chose the payout option I wanted, in my case, the flat cash payment since I didn’t have receipts for fraud or monitoring services.
- I filled out my details, uploaded what was needed, and submitted the claim.
The whole process took less than 15 minutes. I also got a confirmation email, so I know my claim is in the system.
Key Deadlines You Can’t Miss
This is one of those situations where deadlines matter more than anything else:
- Claim filing deadline: January 19, 2026
- Exclusion or objection deadline: December 18, 2025
- Final approval hearing: February 5, 2026
If you miss the claim filing date, you’ll lose your right to compensation.
Conclusion
Going through this made me realize how important it is to stay on top of these settlement notices. A lot of people ignore them and leave money on the table. While the payout isn’t going to make anyone rich, it’s compensation for a situation we didn’t ask for, having our private information exposed.
For me, the Cencora Data Security Incident Settlement was straightforward to navigate once I sat down and followed the steps. If you got a notice, don’t wait until the last minute. File your claim early, keep a copy of your submission, and set a reminder for the final approval date.
Dez