AFTRA Retirement Fund Exposure of PII Class Action

This class action concerns yet another data breach, this time at the AFTRA Retirement Fund. The complaint alleges that AFTRA did not properly “secure and safeguard” personally identifiable information (PII) for current and former participants in the retirement fund. It claims AFTRA also did not accurate and timely information to victims of the breach.

The Nationwide Class for this action is all persons living in the US whose PII was exposed in the data breach announced by AFTRA on or around December 17, 2020. California and Oregon Subclasses have also been defined for people living in those states.

AFTRA—the American Federation of Television and Radio Artists—is a union for actors, broadcasters, and voice professionals. The retirement fund, the complaint says, “claims to be a separate legal entity from the well-known union, the Screen Actors Guild, also known as SAG-AFTRA.” There also exists a SAG-AFTRA Health Plan.

On October 28, 2019, AFTRA was warned of suspicious activity in its network. It found that certain files and folders had been accessed by hackers between October 24 and 28. The stolen PII included PII for the AFTRA Health Plan’s participants, including names, addresses, Social Security numbers, AFTRA numbers, dates of birth and death, as well as information about eligibility, dependents, claims, earnings, contributions, and so on.

On or around February 25, 2020, AFTRA notified certain state attorney generals and some of its participants about the data breach. However, according to the complaint, it was not until December 17, 2020—more than a year after the breach and ten months after the notice to the attorney generals—that AFTRA issued a Notice of Data Breach to tell participants in the Retirement Fund about the data breach. The Notice claimed that it was participants in the Retirement Fund and not the Health Plan that were affected by the breach.

The complaint contends, “AFTRA did not use reasonable security procedures and practices appropriate to the nature of the sensitive, unencrypted information it was maintaining for current and former participants in the AFTRA Retirement Fund, causing Plaintiffs’ and Class Members’ PII to be exposed.”

The complaint also alleges that the PII was compromised because AFTRA was negligent or careless in its handling of the information. It claims that information should have been properly encrypted and that equipment and files should have otherwise been protected.

But that’s not all: AFTRA had not provided timely notice to those affected: “[i]t took AFTRA four months to provide notice to the Health Plan members and over a year to notify the AFTRA Retirement Fund members.” According to the complaint, this delay increases the risks of the victims of the data breach.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

AFTRA Retirement Fund Exposure of PII Complaint

December 31, 2020

This class action concerns yet another data breach, this time at the AFTRA Retirement Fund. The complaint alleges that AFTRA did not properly “secure and safeguard” personally identifiable information (PII) for current and former participants in the retirement fund. It claims AFTRA also did not accurate and timely information to victims of the breach.

AFTRA Retirement Fund Exposure of PII Complaint

Case Event History

AFTRA Retirement Fund Exposure of PII Complaint

December 31, 2020

This class action concerns yet another data breach, this time at the AFTRA Retirement Fund. The complaint alleges that AFTRA did not properly “secure and safeguard” personally identifiable information (PII) for current and former participants in the retirement fund. It claims AFTRA also did not accurate and timely information to victims of the breach.

AFTRA Retirement Fund Exposure of PII Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy