Abraham Jewett reports that a group of Horizon Actuarial Services retirement plan participants are trying to save their proposed class action lawsuit from dismissal by a judge. The litigation stems from a ransomware incident in November 2021.
The proposed class of more than 2 million Horizon retirement plan participants argue that the data breach was “easily foreseeable” and that it has injured them both emotionally and financially.
The group claim in their complaint—which was consolidated in January—that Horizon “failed abysmally” to protect personally identifiable information that the company “collected and profited from” and now “takes no responsibility for the data breach” having occurred.
The plaintiffs have also filed a motion for leave to amend their complaint.
Read more at Top Class Actions, which reports that the class action lawsuit is Sherwood, et al. v. Horizon Actuarial Services, LLC, Case No. 1:22-cv-01495, in the U.S. District Court for the Northern District of Georgia.
In March 2022, DataBreaches reported that the Georgia business associate had notified HHS that 39,418 patients were impacted by what they described as a hacking/IT incident. A statement on their website (link no longer working) explained that threat actors contacted them on November 12 about an attack on November 10 and 11 that impacted plan members and families of clients. As we reported in March:
Horizon forthrightly acknowledged that they paid the ransom demand:
During the course of the investigation, Horizon Actuarial negotiated with and paid the group in exchange for an agreement that they would delete and not distribute or otherwise misuse the stolen information.
They do not reveal who the threat actors were.
Subsequently, other clients of Horizon were identified, and by mid-June of this year, there were at least nine proposed class action lawsuits against Horizon.