“Despite the dire warnings about the severe impact of unauthorized data disclosures on Americans of all economic strata,” says the complaint for this class action, “companies still fail to put adequate security measures in place to prevent the unauthorized disclosure of private data about their customers or potential customers.” The defendant in this case is Horizon Actuarial Services, LLC, which experienced what appears to be a ransomware attack in November 2021.
The Nationwide Class for this action is all persons in the US whose personal information was accessed, compromised, or stolen as a result of the data breach announced by Horizon on or around April 13, 2022. A California Subclass has also been proposed, for those in the above class in California.
Horizon is a consulting firm whose website describes it as “providing innovative actuarial solutions to multiemployer benefit plans.” It offers its services to health, pension, and welfare plans in a variety of industries.
The complaint alleges that an unauthorized party gained access to Horizon’s systems from November 10 to 11, 2021, but that Horizon did not report the data for around five months after that. Horizon sent notices to the victims on or around April 13, 2022 and to state attorneys general’s offices on or around April 26.
The complaint quotes from the Notice provided to the victims: “On November 12, 2021, Horizon Actuarial received an email from a group claiming to have stolen copies of personal data from its computer servers. Horizon Actuarial immediately initiated efforts to secure its computer servers and with the assistance of third-party computer specialists, launched an investigation into the legitimacy of the claims in the email.”
The Notice, as quoted in the complaint, further stated that Horizon had “negotiated with and paid the group in exchange for an agreement that they would delete and not distribute or otherwise misuse the stolen information.”
The data breach exposed names, addresses, birth dates, and Social Security numbers and affected more than 1.3 million individuals.
The Notice was not only sent out too late, the complaint alleges, it was also “not legally compliant in that it does not detail whether the information was exfiltrated, unlawfully disclosed, or accessed as a result of the breach.”
The complaint alleges that Horizon did not provide reasonable and adequate security for the information maintained in its systems, putting the individuals at risk for becoming victims of cybercrime. The Federal Trade Commission (FTC) publishes guidelines for data security for businesses, and the complaint claims that Horizon’s failure to take reasonable and adequate measures constitutes an unfair trade practice under the Federal Trade Commission Act.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Horizon Actuarial Data Breach Complaint
May 13, 2022
“Despite the dire warnings about the severe impact of unauthorized data disclosures on Americans of all economic strata,” says the complaint for this class action, “companies still fail to put adequate security measures in place to prevent the unauthorized disclosure of private data about their customers or potential customers.” The defendant in this case is Horizon Actuarial Services, LLC, which experienced what appears to be a ransomware attack in November 2021.
Horizon Actuarial Data Breach ComplaintCase Event History
Horizon Actuarial Data Breach Complaint
May 13, 2022
“Despite the dire warnings about the severe impact of unauthorized data disclosures on Americans of all economic strata,” says the complaint for this class action, “companies still fail to put adequate security measures in place to prevent the unauthorized disclosure of private data about their customers or potential customers.” The defendant in this case is Horizon Actuarial Services, LLC, which experienced what appears to be a ransomware attack in November 2021.
Horizon Actuarial Data Breach Complaint