Chime Customers Hit With Lawsuit After Hack Allegedly Exposed Their Personal Information

A group of Chime Financial customers has filed a class action lawsuit claiming the popular banking app failed to protect their personal information during an April 2026 cyberattack. The lawsuit says the breach exposed sensitive data including Social Security numbers, government-issued ID information, and account credentials — and that Chime has not properly notified affected customers.

The case is still early. There is no settlement and no claims process at this time. But if you use Chime, here is what you need to know.

What Happened?

On or around April 1, 2026, a hacker group known as Team 313 allegedly attacked Chime’s computer systems. The group is described in court filings as a pro-Iranian cybercriminal organization that has been tracked under several names by major cybersecurity firms, including Check Point, Microsoft, and CrowdStrike.

According to the lawsuits, at the peak of the disruption, tens of thousands of Chime users lost access to their accounts. They could not check their balances, move money, or pay bills.

What Data Was Allegedly Stolen?

The lawsuits allege that Team 313 stole a range of sensitive personal information from Chime’s systems, including:

• Social Security numbers
• Dates of birth
• Government-issued ID information
• Postal addresses and email addresses
• Phone numbers
• Account login credentials

The lawsuits say this is exactly the kind of data that can be used to commit identity theft and fraud.

What Did Chime Say?

During the April 1 outage, Chime told customers that their “money in your account and your personal information are secure.” The company has since stated that the attacker did not steal any data.

The lawsuits dispute Chime’s account. The complaints point to Team 313’s own leak site and social media posts, where the group claimed responsibility and said it obtained customer data.

It is worth noting that cybersecurity advisories cited in the court filings say Team 313 has a history of exaggerating breach claims. None of the lawsuits has produced independent evidence of stolen data beyond what the hacker group publicly claimed, and the full facts are still being sorted out in court.

What Are the Lawsuits Claiming?

The main case, filed April 3, 2026 in California federal court, is called Castaneda et al. v. Chime Financial, Inc. (Case No. 3:26-cv-02924).

The customers suing Chime say the company broke the law by:

• Failing to properly secure its computer systems
• Failing to notify affected customers in a timely way after the breach
• Misleading customers by telling them their information was safe

The lawsuits seek compensation for affected customers, including the time and money spent dealing with the fallout from the breach.

What Comes Next?

This case is at an early stage. A judge still needs to decide whether it can proceed as a class action. After that, the two sides may settle or go to trial — data breach cases like this typically take one to three years to resolve.

There is nothing to file right now. If a settlement is reached down the road, affected customers may be able to submit a claim for compensation.

What Should Chime Customers Do?

Whether or not the breach is confirmed, it is smart to take a few protective steps:

• Check your credit reports for unfamiliar accounts. Free reports are available at AnnualCreditReport.com.
• Place a credit freeze with Equifax, Experian, and TransUnion. It is free and stops new accounts from being opened in your name.
• Monitor your Chime account for transactions you do not recognize.
• Change your Chime password and make it unique — do not reuse it on other sites.

Common Questions