This class action details a “data incident” experienced by Horizon Actuarial Services, LLC, which sounds more like a ransomware attack, although it is not called that. The complaint alleges that the exposure of the personally identifiable information (PII) of those participating in its customers’ health plans was due to Horizon’s “negligent acts or omissions” and its “failure to protect” the PII it collected and stored.
The class for this action is all individuals in the US whose PII was accessed or stolen during the data breach experienced by Horizon Actuarial Services in 2021.
According to its Notice of Data Breach, Horizon offers technical and actuarial consulting services for benefit plans. On or around November 12, 2021, Horizon received an email from a group that claimed it had stolen data from its servers over the previous two days. Horizon, the complaint says, made a payment to the group for its “agreement that they would delete and not distribute or otherwise misuse stolen information.”
Sometime around January 9, 2022, Horizon determined that the group had accessed the PII of some two and a half million current and former customers. Horizon claims to have begun notifying the victims on or around January 13, 2022, but the plaintiff only received his notice, dated April 8, 2022, on April 14, which is more than five months after the data breach occurred.
The complaint alleges that, in collecting and using the information of health plan participants, Horizon “assumed legal and equitable duties to these individuals” to protect their information. The information stolen included names, dates of birth, health plan information, and Social Security numbers, among other things.
The cybercriminals are now able to offer this PII for sale on the dark web, the complaint says, and the victims cannot defend themselves from identity theft, which will remain a risk for the rest of their lives.
The complaint alleges that Horizon’s conduct, in not securing the information and in not warning its customers that it had not done so, “amounts to negligence and violates federal and state statutes.”
It claims that Horizon “could have prevented this Data breach by properly securing and encrypting Plaintiff’s and Class Members’ PII. Additionally, [Horizon] could have destroyed data, including old data that [Horizon] had no legal right or responsibility to retain.” Despite warnings about data breaches, the complaint claims, Horizon “failed to take appropriate steps to protect the PII…”
Although Horizon has offered the victims twelve months of identity monitoring services through Kroll, the complaint alleges that the services are not adequate to the threat they face.
The counts include negligence, breach of implied contract, and breach of fiduciary duty.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Horizon Actuarial Services Data Breach Complaint
April 28, 2022
This class action details a “data incident” experienced by Horizon Actuarial Services, LLC, which sounds more like a ransomware attack, although it is not called that. The complaint alleges that the exposure of the personally identifiable information (PII) of those participating in its customers’ health plans was due to Horizon’s “negligent acts or omissions” and its “failure to protect” the PII it collected and stored.
Horizon Actuarial Services Data Breach ComplaintCase Event History
Horizon Actuarial Services Data Breach Complaint
April 28, 2022
This class action details a “data incident” experienced by Horizon Actuarial Services, LLC, which sounds more like a ransomware attack, although it is not called that. The complaint alleges that the exposure of the personally identifiable information (PII) of those participating in its customers’ health plans was due to Horizon’s “negligent acts or omissions” and its “failure to protect” the PII it collected and stored.
Horizon Actuarial Services Data Breach Complaint