When is the Cash App settlement payout date?

Digital payments for the Salinas data breach settlement began in April 2025 and continued through Q1 and Q2 of 2026 for replacement and undeliverable payments. The Bottoms spam text settlement began issuing $394.36 payments on February 2, 2026. Paper checks for both settlements are expected to be mailed through spring 2026. The CFPB redress fund operates on a separate, ongoing automatic distribution schedule under federal supervision with no fixed end date announced.

Is the $120M CFPB Fund separate from the class action?

Yes. The $120 million CFPB Redress Fund is an automatic distribution for victims of mishandled fraud disputes under the Electronic Fund Transfer Act, entirely distinct from the $15 million Salinas v. Block data breach class action settlement. The CFPB fund requires no claim filing — Block is required to identify eligible consumers and issue refunds directly under CFPB oversight. A consumer could potentially qualify for both the class action settlement and the CFPB redress fund if they experienced both a data breach and a mishandled fraud dispute.

What is the March 31, 2026, deadline?

March 31, 2026, is the final deadline for claimants in the Salinas data breach settlement to cure deficiencies or provide supplemental proof for high-tier claims involving documented out-of-pocket losses up to $2,500. Claimants who received deficiency notices from the settlement administrator must upload required bank statements, identity theft documentation, or other supporting evidence by this date to remain eligible for the higher compensation tier. Claims that are not cured by this deadline may be reduced to the base payment amount or denied.

How do I check my Cash App settlement payment status?

For the Salinas data breach settlement, visit cashappsecuritysettlement.com or call (866) 615-9740 with your claim ID. For the Bottoms spam text settlement, visit BottomsTextSettlement.com or call (877) 540-7545. For CFPB redress fund inquiries, contact Block directly at 1-888-488-1181 or email CFPBinquiry@cash.app. Do not contact Cash App's general customer support for class action settlement questions, as the distributions are administered by third-party settlement administrators.

What changes is Cash App required to make after the settlements?

The CFPB consent order requires Block to establish 24-hour live-person customer service, fully investigate unauthorized transactions under EFTA and Regulation E, and provide timely refunds. The NYDFS imposed a one-year independent monitor to oversee compliance program remediation for BSA/AML deficiencies. The CSBS multistate settlement requires an independent consultant review of Block's BSA/AML program with a report due within nine months and correction of identified deficiencies within 12 months. Block is also required to implement enhanced customer due diligence and risk-based transaction monitoring controls.

Cash App Lawsuit Settlement 2026

Executive Summary

For the 8.2 million users compromised in the Block, Inc. data breaches and the millions more affected by mishandled fraud disputes, 2026 marks the final chapter in a multi-year pursuit of digital accountability. Three distinct legal actions are now in their distribution phase: the $15 million Salinas v. Block data breach class action (payments ongoing since April 2025), the $12.5 million Bottoms v. Block Washington spam text settlement ($394.36 payments began February 2, 2026), and the CFPB’s $120 million automatic redress fund for fraud victims (no claim required). Additionally, Block paid $80 million to 48 state regulators and $40 million to New York’s Department of Financial Services for anti-money laundering failures — totaling over $295 million in combined penalties and consumer compensation. All claim deadlines have passed. This guide explains each action, its current status, who qualifies, and what happens next.

The Three Major 2026 Funds at a Glance

	Salinas v. Block (Data Breach)	Bottoms v. Block (Spam Texts)	CFPB Redress Fund (Fraud Disputes)
Total Fund	$15 million	$12.5 million	Up to $120 million (minimum $75M)
Case Number	22-cv-04823 (N.D. Cal.)	2:23-cv-01969-MJP (W.D. Wash.)	CFPB Consent Order, Jan. 16, 2025
Core Allegation	Negligent data security; former employee accessed 8.2M accounts; recycled phone number vulnerability	Facilitated unsolicited commercial texts to ~1.97M Washington residents via referral program	Failed to investigate fraud disputes; suppressed customer service; violated EFTA/Reg E
Claim Deadline	November 18, 2024 (closed)	October 27, 2025 (closed)	No claim required — automatic
Payment Status	Electronic payments began April 10, 2025; paper checks from April 20, 2025	$394.36 payments began February 2, 2026	Ongoing; consumers contact Block at 1-888-488-1181 or CFPBinquiry@cash.app
Average Payout	~$138–$200 (up to $2,500 for documented losses)	$394.36 per approved claimant	Varies; refunds for uninvestigated unauthorized transfers
Approved Claims	~40,380 of 667,000+ filed	Pro rata from ~$8.7M net fund	Determined by Block under CFPB supervision

Current Status: March 2026

As of March 31, 2026, the litigation cycle against Block, Inc. has largely transitioned from courtroom proceedings to distribution logistics. Both class action claim deadlines have passed. No new claims are being accepted in either case. The critical question for most affected users is no longer whether they qualify — it is whether their payment has arrived.

Salinas v. Block: Distribution Nearly Complete

Electronic payments for the Salinas data breach settlement began on April 10, 2025, with paper checks following on April 20, 2025. Of the 667,000+ claims filed, approximately 40,380 were approved, totaling about $5.6 million in distributions. The settlement administrator continues processing stragglers — particularly replacement checks for undeliverable mail and returned electronic payments. Under the settlement agreement, paper checks expire 90 days from their date of issue, and the administrator makes reasonable efforts to locate valid addresses and resend payments within 30 days of a return.

If your claim was approved and you have not received payment, confirm that your selected payment method (bank account, Venmo, Zelle, or mailing address) remains current. Contact the settlement administrator directly at (866) 615-9740 or visit cashappsecuritysettlement.com. Do not contact Cash App or Block — they are not administering the distributions.

Bottoms v. Block: Active Payout Phase

The court granted final approval to the Bottoms spam text settlement on December 2, 2025, and the settlement administrator began issuing $394.36 payments to approved claimants on February 2, 2026. Judge John Chun deemed the settlement “fair, reasonable, and adequate and in the best interests of the Settlement Class.” Attorney fees of $3.1 million were awarded from the settlement, with the class representative receiving $10,000. Remaining class members who filed by the October 27 deadline shared about $8.7 million.

Payments are being distributed through claimant-selected methods including paper checks, Venmo, PayPal, and other electronic transfer options. If you submitted a valid claim and have not yet received payment, allow additional processing time — particularly for paper checks — and monitor the official settlement website at BottomsTextSettlement.com.

CFPB Redress Fund: The Automatic Track

Unlike the two class actions, the CFPB redress fund requires no action from consumers to obtain refunds. This is a regulatory enforcement action, not a private settlement, and the CFPB itself oversees distribution rather than a third-party claims administrator.

Block is required to pay a minimum of $75 million and up to $120 million in refunds to consumers victimized by fraudulent transactions who did not receive refunds they were entitled to, as well as to those whose unauthorized transfers were not adequately investigated. Consumers whose accounts were locked or who were not provided provisional credits during a delayed investigation are also entitled to a refund.

Consumers with inquiries can contact Block directly at 1-888-488-1181, by email at CFPBinquiry@cash.app, or by mail at Cash App MSC 210, 1955 Broadway, Suite 600, Oakland, CA 94612.

The Breaches That Started It All: A Technical Autopsy

Understanding the litigation requires understanding the failures. Block’s legal exposure didn’t emerge from a single incident — it resulted from systemic weaknesses in access control, authentication architecture, and post-employment security protocols that a company processing over $248 billion in annual inflows should never have tolerated.

The Former Employee Breach (December 2021 / Disclosed April 2022)

The Cash App data breach was caused by a former employee who accessed customer financial reports as an act of revenge against the company after their employment was terminated. The employee had required access to the financial reports as part of their daily duties. After termination, on December 10, 2021, the employee downloaded these reports without permission, stealing customer full names, brokerage account numbers, portfolio values, portfolio holdings, and stock trading activity for one trading day.

Block declined to say how many Cash App customers were impacted by the breach but said it was contacting approximately 8.2 million current and former customers about the incident.

This breach exposes a KYC and access management failure that should alarm anyone who studies fintech compliance. Block could not — or did not — answer how long the former employee retained access after termination. The four-month delay between the breach (December 2021) and the SEC disclosure (April 2022) prolonged the window of exposure for every affected user. For a company operating at Block’s scale, the failure to implement immediate credential revocation upon employee departure represents a foundational security deficiency, not a one-off mistake.

The Recycled Phone Number Vulnerability (2023)

The second breach was arguably more troubling from a systemic perspective. In 2023, some Cash App users saw their accounts being accessed without authorization. This breach happened due to systemic account access vulnerabilities and number recycling. Cash App lets users log in through a one-time security code received via text or email, instead of a password or multi-factor authentication. Number recycling is a practice in which, once a person changes their phone number, it gets reassigned to another user.

This is not a novel attack vector. The recycled phone number exploit has been documented in security literature for years. That Cash App’s authentication architecture remained vulnerable to it in 2023 — with 56 million active accounts on the platform — suggests that the company treated user authentication as a convenience optimization problem rather than a security engineering priority. The passwordless login design reduced friction for users, but it also reduced friction for anyone who happened to acquire a recycled phone number linked to an active Cash App account.

The consolidated Salinas lawsuit captured both breaches, alleging that Block and Cash App Investing were negligent, made misrepresentations, and breached obligations to their users in connection with both incidents.

The Regulatory Tsunami: January 2025

The class action settlements, while significant, represent only a fraction of Block’s total legal exposure. In a single 48-hour span in January 2025, three separate regulatory actions produced a combined financial impact of $255 million.

CSBS Multistate Enforcement: $80 Million (January 15, 2025)

In a coordinated enforcement action by 48 state financial regulators, Block agreed to pay an $80 million fine and undertake corrective action for violations of the Bank Secrecy Act and anti-money laundering laws. State regulators found Block was not in compliance with certain requirements, creating the potential that its services could be used to support money laundering, terrorism financing, or other illegal activities.

The settlement required Block to hire an independent consultant to review its BSA/AML program and submit a report within nine months, with 12 months to correct identified deficiencies. Seven states — Arkansas, California, Massachusetts, Florida, Maine, Texas, and Washington — led the enforcement effort.

The CFPB ordered Block to refund and pay other redress to consumers up to $120 million and pay a penalty of $55 million into the CFPB’s victims relief fund.

The consent order documented a pattern of conduct that went beyond negligence into what the CFPB characterized as deliberate cost suppression at the expense of consumer protection. Cash App’s terms of service misled consumers to believe that disputes over transactions were the responsibility of their bank. In one instance cited in the consent order, Cash App instructed a customer who reported an unauthorized debit card transaction to contact their bank, shirking its statutory duty to investigate. When Block did investigate disputes, it used intentionally inadequate investigation practices to close reports in the company’s favor.

Block also made it difficult for Cash App clients to obtain helpful customer service. For many years, a telephone number listed on the back of the Cash Card and in the terms of service connected users to a pre-recorded message redirecting them to contact support through the app.

The consent order requires Block to establish 24-hour, live-person customer service — a requirement that underscores just how deficient the prior system was.

NYDFS Penalty: $40 Million (April 10, 2025)

The New York Department of Financial Services announced that Block would pay a $40 million penalty for significant failures in its BSA/AML compliance program. The investigation revealed critical gaps including inadequate customer due diligence, failure to implement sufficient risk-based controls, and failure to effectively and timely monitor transactions.

Block’s lax treatment of high-risk Bitcoin transactions allowed largely anonymous transactions to proceed without proper scrutiny. The rapid growth of Cash App absent a robust compliance function created risk and vulnerabilities that violated the rules financial services companies operating in New York must adhere to.

The most striking allegation from the regulator was the existence of a system within Block that withheld the automatic prevention of bitcoin transactions to some wallets found to have smaller exposures to terrorism-connected wallets. The NYDFS also imposed a one-year independent monitor — a significant remedial measure that signals the regulator’s lack of confidence in Block’s ability to self-correct.

Understanding the CFPB Fund vs. the Class Actions

One of the most common sources of confusion for affected users is the relationship between the CFPB redress fund and the Salinas/Bottoms class action settlements. These are entirely separate legal actions addressing different conduct, administered through different mechanisms, with different eligibility criteria.

What the Class Actions Cover

The Salinas settlement addresses data breach negligence — specifically, the former employee accessing 8.2 million accounts and the recycled phone number vulnerability. The Bottoms settlement addresses unsolicited commercial text messages sent to Washington residents through Cash App’s referral program. Both required users to file claims and meet specific eligibility criteria within deadlines that have now passed.

What the CFPB Fund Covers

The CFPB consent order addresses a fundamentally different category of harm: the systemic mishandling of fraud disputes under the Electronic Fund Transfer Act. Block is required to pay up to $120 million in refunds and other redress to consumers whose unauthorized transfers were not investigated, consumers who did not receive refunds they were entitled to, and consumers whose accounts were locked for an extended period of time or who were not provided provisional credits during a delayed investigation.

This means a user could potentially benefit from both the Salinas settlement (if they filed a claim for data breach harm) and the CFPB redress fund (if they also had a fraud dispute that Cash App failed to investigate). The two are not mutually exclusive.

The critical distinction for users who missed the class action deadlines: the CFPB fund is automatic. It does not depend on filing a claim form. Block is identifying and compensating eligible users under CFPB supervision.

Payment Timelines: The 2026 Distribution Calendar

Salinas Data Breach Settlement

Electronic payments (direct deposit, Zelle, Venmo): Ongoing since April 2025. Most approved claimants have received payment. Replacement payments for returned or undeliverable disbursements continue on a rolling basis.

Paper checks: Began April 20, 2025. Checks expire 90 days from issuance. Replacement checks are valid for 60 days and the administrator makes reasonable efforts to resend within 30 days of a return.

Bottoms Spam Text Settlement

All payment methods: Payments of $394.36 began February 2, 2026. Electronic recipients received funds first. Paper check recipients should expect delivery through spring 2026.

CFPB Redress Fund

Automatic refunds: No public distribution timeline has been announced. The CFPB is overseeing Block’s identification of affected consumers and requiring the company to issue refunds directly. Users who believe they are eligible should watch their Cash App activity for “Settlement Credit” labels or contact Block’s dedicated CFPB inquiry line.

The Bigger Picture: What $295 Million in Penalties Reveals About Fintech Compliance

The combined weight of Block’s legal exposure — $15M (Salinas) + $12.5M (Bottoms) + $120M (CFPB redress) + $55M (CFPB penalty) + $80M (CSBS) + $40M (NYDFS) — tells a story that extends far beyond one company’s compliance failures. It illustrates a structural tension in the fintech industry between growth-at-all-costs product design and the regulatory obligations that come with handling other people’s money.

Block processed approximately $248 billion in Cash App inflows in 2023 alone. The company’s gross profit totaled roughly $7.5 billion that year, with approximately $4 billion generated by Cash App. Against those numbers, $295 million in penalties represents a meaningful but absorbable cost — approximately 7.4% of Cash App’s annual gross profit.

The real question for consumers — particularly the underbanked and unbanked populations that Cash App heavily serves — is whether these penalties will produce lasting behavioral change. The NYDFS monitor appointment suggests regulators are not confident that fines alone will suffice. The CFPB’s requirement for 24-hour live customer service represents a direct intervention into Block’s cost structure that the company cannot easily circumvent.

For practitioners in consumer financial protection, Block’s enforcement cycle represents a case study in what happens when fintech companies scale faster than their compliance infrastructure. The BSA/AML failures, the absent employee offboarding protocols, the passwordless authentication architecture, the customer service suppression — these are not isolated incidents. They are symptoms of a company that prioritized user acquisition velocity over the regulatory scaffolding required to protect those users once acquired.

Troubleshooting: Common Questions in 2026

Why Is My Salinas Claim Status Still “Pending”?

If your Salinas claim still shows as pending in 2026, one of several things may have occurred: your documentation was insufficient to support the tier of compensation you claimed (particularly for the $2,500 high-tier claims requiring proof of out-of-pocket losses), your contact information became invalid before payment could be issued, or the administrator flagged your claim for additional review. Contact the settlement hotline at (866) 615-9740 with your claim ID.

I Never Filed a Claim — Can I Still Get Money?

For the Salinas and Bottoms settlements: no. Both claim deadlines have passed and no new claims are being accepted. However, if you had a fraud dispute that Cash App failed to properly investigate, you may be eligible for automatic refunds through the CFPB redress fund without having filed any claim.

Why Did I Receive Less Than $2,500 from Salinas?

The $2,500 maximum applied only to claimants who documented specific out-of-pocket losses with supporting evidence such as bank statements, police reports, or records of identity theft monitoring costs. The average approved payout was approximately $138 to $200, reflecting the pro rata distribution among approved claims after attorney fees and administrative costs.

Is My CFPB Refund Taxable?

Settlement payments and regulatory refunds may have tax implications depending on the nature of the payment and your individual circumstances. Refunds of previously lost funds are generally not taxable, but payments characterized as damages or penalties may be. Consult a tax professional.

Frequently Asked Questions

What lawsuits were filed against Cash App and Block, Inc.?

The primary actions include the Salinas v. Block data breach class action ($15M settlement, N.D. Cal.), the Bottoms v. Block spam text class action ($12.5M settlement, W.D. Wash.), the CFPB consent order requiring up to $120M in consumer redress plus a $55M penalty, a 48-state coordinated enforcement action through the CSBS ($80M penalty), and the NYDFS enforcement for BSA/AML violations ($40M penalty).

Are Cash App settlement payments still being issued in 2026?

Yes. Salinas data breach payments have been ongoing since April 2025, with replacement checks still processing. Bottoms spam text payments of $394.36 began February 2, 2026. CFPB automatic refunds are being distributed on an ongoing basis under federal supervision.

Do I need to file a claim for the CFPB $120 million fund?

No. The CFPB redress fund is automatic. Block is required to identify eligible consumers and issue refunds without any action from the consumer. This covers users whose fraud disputes were inadequately investigated or whose accounts were locked without proper provisional credits.

What caused the Cash App data breaches?

Two incidents are at the center of the Salinas litigation. In December 2021, a former Block employee accessed confidential customer reports after their employment ended — exploiting the fact that access credentials were not revoked upon termination. In 2023, unauthorized users accessed accounts through recycled phone numbers that were still linked to active Cash App accounts due to the platform’s passwordless SMS-based authentication system.

Can I still file a claim for the Cash App settlements?

No. The Salinas data breach claim deadline was November 18, 2024. The Bottoms spam text claim deadline was October 27, 2025. Both are closed. The only remaining avenue for consumer compensation is the automatic CFPB redress fund, which does not require a claim filing.

How much did Block pay in total across all actions?

Block’s combined financial exposure across the five major 2025–2026 actions totals approximately $322.5 million: $15M (Salinas), $12.5M (Bottoms), up to $120M (CFPB redress), $55M (CFPB penalty), $80M (CSBS multistate), and $40M (NYDFS).

What changes is Cash App required to make going forward?

The CFPB consent order requires Block to establish 24-hour live-person customer service, fully investigate unauthorized transactions, and provide timely refunds where appropriate. The NYDFS imposed a one-year independent monitor to oversee compliance program remediation. The CSBS settlement requires an independent consultant review of BSA/AML programs with a report due within nine months and deficiency corrections within 12 months.

Where can I check my settlement payment status?

For the Salinas data breach settlement, visit cashappsecuritysettlement.com or call (866) 615-9740. For the Bottoms spam text settlement, visit BottomsTextSettlement.com or call (877) 540-7545. For CFPB redress inquiries, contact Block at 1-888-488-1181 or email CFPBinquiry@cash.app.

This article is provided for informational purposes by Credible Law (4b7.a10.myftpupload.com/) and does not constitute legal advice. Settlement terms, payment amounts, and regulatory actions are subject to change. Consult a qualified attorney for guidance specific to your situation.