U.S. District Judge Curtis L. Collier on Friday preliminarily approved a $1.75 million class action settlement in Kubba v. Lee University, clearing the way for compensation to 136,928 students, faculty, and staff affected by a 2024 data breach.
The settlement resolves claims that the university failed to implement reasonable cybersecurity safeguards after ransomware gang Medusa claimed responsibility for the March 22, 2024, intrusion in April 2024.
The fund will cover attorney fees of up to $0.58 million, or one-third of the total settlement value, and provide class members with credit monitoring, reimbursement for documented losses up to $5,000, and pro rata cash payments.
Collier found the settlement fair, reasonable, and adequate under Federal Rule of Civil Procedure 23, noting that the complexity and expense of data breach litigation favored resolution over trial.
The court also conditionally certified the settlement class and appointed Leanna Loginov and J. Gerard Stranch as class counsel, finding they had vigorously prosecuted the action on behalf of the 136,928 individuals.
The judge approved a notice program involving postcard mailings and a toll-free number for class members, directing Kroll Settlement Administration to manage the claims process.
Collier noted the proposed $2,500 service awards for the seven named plaintiffs—Michael Harris, Christopher Vaught, Caleb Nabors, Katelyn Butler, Brittany Kubba, Dennis Goodine, and one other unnamed representative—were substantial relative to the expected pro rata cash payment of $100.
The court stated it would scrutinize the service awards more closely during the final approval process, citing precedent that such payments should generally not exceed 10 times the amount received by unnamed class members.
The case is stayed pending final approval, with a fairness hearing scheduled for July 23, 2026, at the federal courthouse in Chattanooga.
Class members have until a date set by the court to submit claims or request exclusion from the settlement.