Yet another data breach is the subject of this class action, this time against Horizon Actuarial Services, LLC. The data breach took place November 10-11, 2021, and the complaint alleges that Horizon bears responsibility because it “neglected to adequately invest in security measures” to protect the personally identifiable information (PII) it maintained in its systems.
A class and eight subclasses have been defined for this action.
- The Nationwide Class for this action is all natural persons living in the US whose PII was compromised in the data breach announced by Horizon on or around March 9, 2022.
- The eight state subclasses are for those in the above class who live in Arkansas, California, Idaho, Illinois, Louisiana, Nevada, North Carolina, and Oregon, respectively.
The complaint quotes Horizon’s website describing the company as “a leading consulting firm that specializes in providing innovative actuarial solutions to multiemployer plans.” A list roughly two pages long names various groups and unions for laborers, teachers, electricians, iron workers, actors, roofers, plumbers, teamsters, athletes, and others whose pension funds, retirement funds, health & welfare plans, or other benefit plans are customers of Horizon.
The complaint quotes Horizon’s website’s announcement about the data breach: “The investigation revealed that two Horizon Actuarial computer servers were accessed without authorization for a limited period on November 10 and 11, 2021. … The types of information impacted may include names, dates of birth, Social Security numbers, and health plan information.”
The complaint alleges, “The PII contained in the files accessed in the Data Breach was not encrypted or redacted.”
Although the data breach took place in November, the complaint alleges that Horizon delayed in informing its customers and the individual victims, telling the plans only around January 13, 2022 and individuals around March 9, 2022. The complaint alleges that notices to attorneys general were even later, sometimes as long as six months after the data breach.
The complaint claims, “By obtaining, collecting, using and deriving benefits from Plaintiff’s and Class Members’ PII, [Horizon] assumed legal and equitable duties and knew or should have known that it was responsible for protecting said PII from unauthorized disclosure.” It claims that Horizon could have prevented the data breach by encrypting the files or otherwise properly protecting them. Also, the complaint claims, Horizon had a duty to inform the individual victims promptly of the exposure of their information, and did not do so.
Because many high-profile hacks have been reported in the recent past at prominent companies, exposing the private information of millions of consumers or users, the complaint alleges that Horizon was on notice that it could be the target of cybercriminals.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Horizon Actuarial Services 2021 Data Breach Complaint
November 10, 2022
Yet another data breach is the subject of this class action, this time against Horizon Actuarial Services, LLC. The data breach took place November 10-11, 2021, and the complaint alleges that Horizon bears responsibility because it “neglected to adequately invest in security measures” to protect the personally identifiable information (PII) it maintained in its systems.
Horizon Actuarial Services 2021 Data Breach ComplaintCase Event History
Horizon Actuarial Services 2021 Data Breach Complaint
November 10, 2022
Yet another data breach is the subject of this class action, this time against Horizon Actuarial Services, LLC. The data breach took place November 10-11, 2021, and the complaint alleges that Horizon bears responsibility because it “neglected to adequately invest in security measures” to protect the personally identifiable information (PII) it maintained in its systems.
Horizon Actuarial Services 2021 Data Breach Complaint