πŸ³οΈβ€βš§οΈ trans rights are human rights πŸ³οΈβ€βš§οΈ
Theme

Your Social Security Number Was Exposed. Bray International Settled for $45.

EvilCorporations.com β€’ Case No. 2025-51687 β€’ Harris County, Texas β€’ Estimated Reading Time: 6.9 minutes

The Non-Financial Ledger

You didn’t ask for this. At some point, Bray International Inc. had your name. They had your Social Security number. Maybe your driver’s license number. They stored it on a network that was compromised in April 2024, and somewhere between the breach happening and you finding out about it, the clock on your financial vulnerability started ticking without your knowledge.

The settlement notice you received in the mail, if you received one at all, was probably the first time you heard that your most sensitive identifying information had been “potentially accessed” by someone who had no right to it. The phrase “potentially accessed” is doing a lot of heavy lifting there imo. It’s the kind of language designed to be technically accurate while emotionally minimizing. Your Social Security number either was or was not viewed by an unauthorized party. You will never know which.

What you do know is that you now have to act. You have to file a form, produce documentation, make a legal declaration under penalty of perjury, and wait. You have to monitor your credit. You have to remember, for the rest of your life, that your SSN is out there, in a breach dataset somewhere, potentially being traded or sat on until the free credit monitoring that came out of this settlement runs out in two years. Identity theft from breach data often takes years to materialize. The two-year monitoring window ends. The exposure does not.

The people who took your data, or the people who accessed a network where your data lived, will not file a claim form. They will not have to document their activities. They do not have to prove that any harm they caused was more likely than not connected to this specific breach. You do. The burden is entirely on you to prove your own victimhood to a settlement administrator, under oath, before a deadline, with receipts.

And after all of that, if enough people file, your payout gets cut proportionally. The $227,000 cap is a wall. The more people the breach affected, the smaller each person’s share of justice becomes.

Legal Receipts

The following language comes directly from the settlement agreement and its attached notices. These are the actual terms governing your rights.

“This Settlement Agreement is for settlement purposes only, and nothing in this Settlement Agreement shall constitute, be construed as, or be admissible in evidence as any admission of the validity of any claim or fact alleged by Plaintiff in the Action or in any other pending or subsequently filed action, or of any wrongdoing, fault, violation of law, or liability of any kind on the part of Released Parties.”
  • This clause means Bray pays without ever legally acknowledging that it did anything wrong. There is no official record of liability. The settlement cannot be used against Bray in any future legal proceeding. This is standard in data breach settlements, but it matters: the company walks away with its reputation legally intact.
  • Any future victim of identity theft who tries to argue that this settlement proves Bray was negligent will be blocked by this clause. The settlement is designed to end legal exposure, not create accountability.
“In the unlikely event that the total Approved Claims for Ordinary Losses, Extraordinary Losses, Lost Time, and Alternative Cash Payments would exceed the Aggregate Cap, such Approved Claims will be decreased pro rata to stay within the Aggregate Cap.”
  • The $227,000 fund is a ceiling, not a guarantee. If enough class members file valid claims, everyone’s payout gets reduced by the same fraction. The more people harmed, the less each person collects.
  • This structure protects Bray’s financial exposure at the direct expense of individual victims. A company with greater liability ends up paying the same fixed amount regardless of how many people were harmed.
“Upon the Effective Date, and in consideration of the Settlement benefits described herein, each Releasing Party shall be deemed to have completely and unconditionally released, acquitted, and forever discharged Defendant and each of the Released Parties from any and all Released Claims, including Unknown Claims.”
  • “Unknown Claims” means claims you don’t know exist yet, including future identity theft or fraud that hasn’t happened as of the date you sign on. By participating in the settlement, you waive rights to claims that haven’t materialized yet.
  • California Civil Code Section 1542, which normally protects people from unknowingly waiving future claims, is explicitly waived in this agreement. The settlement goes out of its way to close off legal avenues you don’t even know you have.
“Defendant agrees not to oppose Class Counsel’s request for an award of attorneys’ fees and costs not to exceed One Hundred and Twenty-Five Thousand Dollars and Zero Cents ($125,000.00).”
  • The attorneys’ fee cap is $125,000. The entire cash fund for all victims combined is $227,000. The lawyer fees represent 55 cents for every dollar in the victim fund. Both are paid by Bray, but the fee arrangement is pre-agreed and uncontested. Bray will not fight the $125,000 request.
  • The named plaintiff, Christopher Menard, is separately entitled to a service award of up to $3,500, also paid by Bray. This payment is for his role in initiating and sustaining the litigation.

What Bray Presented vs. What the Documents Say

The settlement notice sent to class members frames the situation in ways that consistently minimize the severity and scope of what happened.

  • What you were told: “Certain files that contained private information were potentially accessed.” What the documents establish: The Data Incident is defined in the settlement as a “data security incident” that “occurred in or around April 2024,” and the class is defined as all people whose personal information “was potentially accessible.” The use of “potentially” in every public-facing communication obscures that the legal class definition covers anyone whose data was reachable, not merely provably stolen.
  • What you were told: The settlement “provides a number of different benefits.” What the documents establish: The total cash available to every affected person combined is capped at $227,000 regardless of how many people were harmed. The “benefits” shrink as participation increases.
  • What you were told: You can receive “up to $3,000” for identity theft losses. What the documents establish: To claim that $3,000, you must prove the loss was “more likely than not caused by the Data Incident,” document it with third-party evidence, demonstrate you exhausted all available insurance first, and survive a review by a settlement administrator who has “sole discretion” over claim validity. The $3,000 figure is a ceiling on a heavily gatekept process, not a standard payout.
Visual 4: What You Were Told vs. The Reality What You Were Told The Reality “Certain files were potentially accessed.” Class covers anyone whose data was reachable on Bray’s network. You may never know if it was viewed. “Up to $3,000 for identity theft losses.” Requires third-party proof, causal link to this specific breach, exhausted insurance, and admin approval. “A number of different benefits are available.” Total cash for all victims combined is capped at $227,000. More claimants means smaller individual payouts. @media (prefers-reduced-motion: no-preference) { .sv4-left { animation: ec-slide-left 0.5s ease-out both; } .sv4-right { animation: ec-slide-right 0.5s ease-out both; } }

Profit-Maximization at All Costs: The $227,000 Ceiling

The settlement structure reveals a deliberate financial architecture: Bray’s maximum cash exposure to victims is fixed at $227,000, regardless of how many people were affected and regardless of the actual scale of harm.

  • The $227,000 Aggregate Cap covers all Ordinary Loss claims (up to $400 per person), all Extraordinary Loss claims (up to $3,000 per person), all Lost Time claims (up to $80 per person), and all Alternative Cash Payments ($45 per person). Credit monitoring costs are excluded from this cap and paid separately.
  • If every class member chose the flat $45 Alternative Cash Payment, the entire $227,000 would cover exactly 5,044 people. Anyone beyond that number would see their $45 reduced pro rata. The settlement does not disclose how many people are in the class.
  • Attorneys’ fees of up to $125,000 and the plaintiff service award of up to $3,500 are paid by Bray separately from and in addition to the $227,000 victim fund. This means Bray’s total known maximum outlay is $355,500, with the majority of that going to legal representation rather than affected individuals.
  • The settlement agreement specifies that the attorneys’ fee amount “was negotiated after the primary terms of the Settlement were negotiated.” This sequencing is definetely notable: it suggests the victim compensation structure was locked before the question of attorney compensation was resolved, allowing the two to be treated as independent rather than competing for the same pool of money.
Visual 7: Victim Fund vs. Legal Fees β€” Bray’s Settlement Payout Breakdown $350k $280k $210k $140k $70k $227k All Victim Cash Claims $125k Attorneys’ Fees (max) $3.5k Named Plaintiff Award
The lawyers are guaranteed up to $125,000. Every other victim combined is guaranteed a maximum of $227,000, split however many ways.

The Settlement Isn’t Justice: What This Deal Actually Does

The settlement resolves the legal case without resolving anything for the people whose data was exposed. The structural shortfalls are built into the agreement’s design.

  • No admission of wrongdoing. Section XV of the settlement agreement is titled “No Admission of Liability.” Bray “specifically denies that a class could or should be certified in the Action for litigation purposes” and states it “does not admit any liability or wrongdoing of any kind.” The settlement exists, in Bray’s legal framing, purely to end expensive litigation, not to acknowledge that it failed to protect your data.
  • The $45 default payout. For a person whose SSN was exposed, the no-documentation-required payout is $45. That is the price Bray has placed on the floor-level disruption of having your most sensitive identifier potentially compromised. For context, a single credit monitoring service subscription costs more than that annually.
  • Pro-rata reduction. The $227,000 cap means individual payouts shrink as class participation rises. This creates a perverse incentive structure where greater corporate harm, affecting more people, produces smaller individual recoveries. The cap does not scale with the number of victims.
  • Permanent release of future claims. By participating, every class member permanently waives the right to sue Bray for any claim arising from this breach, including identity theft that happens years from now and is traceable to this exposure. The two-year credit monitoring window does not match the permanence of the legal release.
  • The burden is yours. To recover anything beyond $45, you must produce third-party documentation, submit under penalty of perjury, satisfy a causal link standard (“more likely than not”), exhaust other available insurance, and survive a claims review process in which the settlement administrator has “sole discretion” to deny your claim. Bray’s obligation is to pay what the administrator approves, not what you lost.

Societal Impact Mapping

Public Health and Safety: The Identity Theft Pipeline

Data breaches involving Social Security numbers and driver’s license numbers create long-tail harms that extend well beyond the initial exposure event.

  • Social Security numbers, once compromised, cannot be changed easily. They serve as the root credential for tax filing, credit applications, government benefits, and medical insurance. A single exposed SSN can generate years of downstream fraud attempts across multiple institutions.
  • The settlement’s two-year credit monitoring window does not account for the fact that breach data is often held and monetized over multi-year periods. The legal release that class members sign is permanent. The protection offered is temporary.
  • The data breach disclosure states that personal information “varied by individual,” meaning different class members face different levels of exposure without being told which category applies to them. There is no mechanism in the settlement to inform individual claimants which specific data types of theirs were involved.

Economic Inequality: Who Bears the Cost

The financial and administrative burden of this settlement falls entirely on the people who were harmed, not on the corporation that failed to protect their data.

  • Claiming more than $45 requires time, documentation, and bureaucratic competence. Class members who lack the time to gather receipts, the knowledge to navigate a claims process, or the English-language literacy to interpret legal notices will default to the $45 flat payment or nothing at all.
  • Workers and lower-income individuals are disproportionately harmed by identity theft, which can affect credit scores, employment screening, housing applications, and access to financial services. The settlement structure does not account for this multiplier effect; it pays out documented receipts, not documented life disruption.
  • The administrative cost of the settlement, including notice dissemination, website maintenance, skip tracing, and claims review, is paid by Bray separately from the victim fund. But that administrative spend benefits the settlement process, not the individual claimant who still has to do the work of filing.

Who Pays? Following the Cost

The financial architecture of this settlement transfers the ongoing costs of the breach almost entirely to class members and away from Bray International.

  • Bray pays a fixed, capped sum. Class members absorb the uncapped remainder: the time spent monitoring credit, the cost of any fraud that doesn’t meet the documentation threshold, the permanent identity vulnerability, and the legal rights they surrender.
  • The Lost Time reimbursement rate of $20 per hour, capped at four hours, covers monitoring and administrative tasks. But the settlement is clear that “emotional distress, personal/bodily injury, or punitive damages” are explicitly not recoverable under any circumstances. The anxiety, the hours spent on hold with banks, the stress of uncertainty: those costs are yours to keep.
  • The two-year credit monitoring service is valuable but temporary. After it expires, the cost of maintaining your own identity protection reverts entirely to you. The breach created a permanent condition. The settlement addresses it with a time-limited service.
  • Settlement checks expire within 90 days of issue. Uncashed checks are voided, and class members who miss that window permanently forfeit their payment while still being bound by the release of all claims.
Visual 8: Where the Costs Actually Land Bray International Breach origin Pays $227k max to victim fund Pays $125k attorney fees $227k Victim Fund Split among all valid claims Class Counsel Up to $125,000 guaranteed Pro-rata if overclaimed Class Members $45 flat or up to $3,400 Permanent ID exposure, future fraud risk, ongoing self-monitoring

The “Cost of a Life” Metric

$45.00

The no-documentation-required cash value Bray International assigned to the potential exposure of your Social Security number, driver’s license number, and full name in the April 2024 data breach.

That is the Alternative Cash Payment available to every class member. No receipts required. No proof of harm required. Sign the form, get $45, permanently waive all legal rights against Bray over this breach, including future claims you don’t know about yet.

This Is the System Working as Intended

The outcome of this case isn’t a malfunction of the legal system. Nope! It’s the legal system performing exactly as designed for corporate data breach litigation.

  • The class action mechanism consolidated what could have been thousands of individual lawsuits into a single case with a fixed payout cap. From a corporate liability management perspective, this is the optimal outcome: one settlement, one payment, total closure, no admission of fault.
  • The “no admission of wrongdoing” clause isn’t an aberration specific to this case, as frequent readers of this website will already know. It is a standard feature of virtually every data breach class action settlement in the United States. The legal system does not require companies to admit that they failed to protect your data; it requires only that they pay a negotiated sum to make the lawsuit go away.
  • The capped aggregate fund means Bray’s total liability was knowable before the final number of affected individuals was determined. Bray negotiated from a position of certainty about its maximum financial exposure while class members negotiated without knowing how many people were in the class or how much each person’s share would be worth.
  • The permanent waiver of “Unknown Claims” is legally enforceable because courts have routinely approved class settlements that include California Civil Code Section 1542 waivers. The law permits corporations to buy permanent immunity from future claims arising from a known event, including harms that haven’t happened yet.
  • The settlement notice explicitly states that class members who “do nothing” will receive no benefits but will still be bound by the release of all claims. Inaction isn’t neutrality. It’s instead, a participation in the settlement’s legal architecture without any of its financial benefits.

Explore by category

01

Antitrust

Monopolies and anti-competition tactics used to crush rivals.

View Cases →
02

Product Safety Violations

When companies sell dangerous goods, consumers pay the price.

View Cases →
03

Environmental Violations

Pollution, ecological collapse, and unchecked greed.

View Cases →
04

Labor Exploitation

Wage theft, worker abuse, and unsafe conditions.

View Cases →
05

Data Breaches & Privacy

Misuse and mishandling of personal information.

View Cases →
06

Financial Fraud & Corruption

Lies, scams, and executive impunity that distort markets.

View Cases →
07

Intellectual Property

IP theft that punishes originality and rewards copying.

View Cases →
08

Misleading Marketing

False claims that waste money and bury critical safety info.

View Cases →
Aleeia
Aleeia

I'm Aleeia, the creator of this website.

I have 6+ years of experience as an independent researcher covering corporate misconduct, sourced from legal documents, regulatory filings, and professional legal databases.

My background includes a Supply Chain Management degree from Michigan State University's Eli Broad College of Business, and years working inside the industries I now cover.

Every post on this site was either written or personally reviewed and edited by me before publication.

Learn more about my research standards and editorial process by visiting my About page

Articles: 1990