Sur La Table fined $550,000 for data breach revealing customers’ personal information

May 3, 2025

In 2023, Sur La Table, a popular kitchenware retailer, faced a significant data breach that exposed customers’ personal information, leading the company to agree to a settlement of $550,000 for a class-action lawsuit. This breach was not a minor technical issue but a serious cyber-attack where hackers infiltrated Sur La Table’s computer systems, compromising sensitive data such as Social Security numbers and insurance information. The breach came to light in May 2023 when the company started notifying affected individuals through data breach notices.

The lawsuit against Sur La Table alleges that the company neglected to implement essential security measures and failed to adequately monitor its systems for potential threats. Although Sur La Table has not admitted any wrongdoing, they have agreed to pay a settlement as a resolution to the lawsuit.

Individuals who received notification letters regarding the data breach are eligible to partake in the $550,000 settlement. It is essential to note that the settlement is exclusive to those who received official notification of the breach, and not all customers of the store are automatically eligible. Additionally, residents of California, who were specifically notified of the breach, constitute a separate subgroup eligible for an extra flat-rate payment.

Affected individuals can claim compensation up to $4,000 for various expenses related to the data breach, including identity theft costs, credit monitoring services, time spent resolving fraud issues, and fees incurred from financial institutions or professionals. Even without receipts, individuals impacted by the breach can still request a pro rata cash payment based on the total settlement fund and the number of claims filed.

To substantiate claims for out-of-pocket reimbursements, individuals must provide documentation such as bank or credit card statements displaying unauthorized charges, invoices for credit monitoring services, or correspondence from IRS or credit agencies. Filing claims under the settlement agreement requires honesty, as false claims could adversely affect genuine claimants.

While financial compensation is available to eligible parties, everyone included in the affected group is entitled to two years of identity theft protection and credit monitoring services, irrespective of whether they file a claim for reimbursement. This benefit provided as part of the settlement aims to safeguard individuals against potential identity theft risks resulting from the data breach.

To participate in the settlement, interested individuals should mark their calendars with key dates: the claim submission deadline on July 7, 2025, the objection or exclusion deadline on June 5, 2025, and the final approval hearing on August 27, 2025. Claims can be submitted conveniently online via the official settlement website, with the process typically taking only a few minutes if the necessary documentation is prepared in advance.