Countrywide, now owned by Bank of America, will provide free credit monitoring for up to 17 million people whose financial information was exposed, according to the settlement. That group includes anyone who obtained a mortgage and anyone who used Countrywide to service a mortgage before July 1, 2008.
People could be reimbursed up to $50,000 for each time their identity was stolen. They would have to prove they lost something of value, weren't already reimbursed and that the theft stemmed from the Countrywide breach.
U.S. District Judge Thomas B. Russell of Paducah, who oversaw more than three-dozen lawsuits related to the security breach, granted class-action status to the lawsuit and gave final approval of the settlement Monday.
Russell wrote in his 21-page ruling that the settlement provides immediate relief for possible identity theft victims - relief that would likely have been delayed as appeals wound through the courts.
"This settlement provides safeguards that would not otherwise be available to millions of people, at a time when such measures are needed most," Russell wrote.
Shirley Norton, a spokeswoman for Bank of America, said the company denies all allegations of wrongdoing or liability in the case.
"We settled because we believe it is in the bank's best interest to settle the suit and avoid the additional expense and uncertainty of further litigation," Norton said.
Plaintiffs' attorneys Ben Barnow and Daniel Haviland did not immediately return messages seeking comment.
A group of about 3,000 people affected by the identity theft objected to or opted out of the settlement, saying two years of credit monitoring isn't enough or that the settlement didn't do enough to make amends.
Russell noted that about 630,000 people visited the settlement web page, 500,000 called the toll-free number for information about the settlement and 500,000 requested detailed notice of the settlement.
Plaintiffs attorneys will receive $3.5 million in fees for their work.
Attorneys for the plaintiffs say Countrywide Financial had all their clients' financial information including mortgage information, credit card, and Social Security numbers and birth dates.
The lawsuits stem from the arrest of Rene Rebollo Jr., of Pasadena, Calif., a former senior analyst for Countrywide, and Wahid Siddiqi, of Thousand Oaks, Calif. Federal investigators said Rebollo used a flash drive to download data from about 20,000 customers a week for two years from 2006 through August 2008.
Rebollo then sold the information to Siddiqi for $500 and earned a combined $50,000, federal investigators said. Siddiqi pleaded guilty in 2009 to 10 counts of fraud and admitted to selling the information to third parties, including an undercover FBI agent.
Rebollo has pleaded not guilty to a new indictment handed up in May and is awaiting trial.
Countrywide has said that it worked closely with the FBI and federal investigators and that the security breach does not appear to have resulted in anyone's identities being stolen.