California Consumers Warned About Horizon Actuarial Services Data Breach
Updated: Apr 9
Horizon Actuarial Services, which provides technical and actuarial services to various U.S. benefit plans, including the Major League Baseball Benefits Plan and the National Hockey League Players' Health and Benefits Fund, reported a data privacy incident involving:
· Social Security numbers
· Dates of Birth
· Health Plan Information
Identity monitoring services provided by Kroll are being offered to recipients of the Data Breach Notice.
According to the company, on November 10 and 11, 2021, Horizon Actuarial’s servers were accessed without authorization. The following day, Horizon was contacted by a group claiming to have stolen copies of personal data originating from its computer servers. The company reported in its Data Breach Notice that it paid the group in exchange for an “agreement that they would delete and not distribute or otherwise misuse the stolen information.” Unfortunately, paying a ransom does not guarantee that a cyber threat actor will delete stolen data. (See, FBI Scams and Safety, https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware, last accessed April 6, 2022.)
A copy of the Horizon Actuarial Services California Data Breach Notice can be found here.
Benefit Plans Participants and Family Members Who May Be Affected:
· Local 295 IBT Employer Group Welfare Fund
· Major League Baseball Players Benefit Plan
· National Hockey League Players' Health and Benefits Fund
· OCU Health & Welfare Trust
· OCU Pension Trust
· Rocky Mountain UFCW Health Benefit Plan for Retired Employees
· Rocky Mountain UFCW Retail and Meat Pension Plan
· Teamsters Local 295 Employers Group Welfare Trust
· Twin Cities Bakery Drivers Pension Fund
· UA Local 198 Pension Fund
· UFCW & Employers Benefit Trust
· UFCW Comprehensive Benefit Trust
· UFCW Intermountain Health Fund
· UFCW Local 711 & Retail Food Employers Benefit Fund
To read more about the Horizon Actuarial Data Breach Notice, click here
California Laws That Protect Data Breach Victims
California residents who received a Horizon Actuarial Services Notice may be entitled to between $100 and $750 or their actual damages, whichever is greater. ¹
The California Customer Records Act (CCRA) requires businesses to put into place and maintain reasonable security procedures and practices that protect a consumer’s personal information. More comprehensively, the California Consumer Privacy Act (CCPA) contains many protections for the personal information of California residents.
Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again) and anything else a court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.
A team of experienced attorneys is currently investigating whether Horizon Actuarial Services
violated its obligation to maintain reasonable security procedures and practices to protect its customers’ personal information. To contact someone on our team, click here.
How do I know if my identity has been stolen?
Signs that your identity may have been stolen include:
o you see unfamiliar charges on your credit or debit cards
o you have bank account withdrawals that you can’t account for
o you are getting medical bills for services you didn’t get
o you are getting called by debt collectors for debts that aren’t yours
o shops won’t take your personal checks
o you stop getting bills that you usually get in the mail
o you get a notice from that IRS that (1) there is more than one tax return filed in your name or (2) you have income you failed to report and don’t recognize²
o your email address or phone number come up on http://haveibeenpwned.com/ as part of a data breach
What steps can I take to safeguard my data from cyber-thieves?
There are many actions you can take to safeguard you personal data, including:
(a) Review your credit reports
(b) Review your account statements
(c) Remain vigilant and respond to suspicious activity
(d) Consider placing a "fraud alert" with one of the three nationwide credit bureaus
(e) Be aware that you have the right to place a “security freeze” on your credit report
What Is The Difference Between A “Credit Freeze” and A “Fraud Alert”?
A credit freeze the strongest step you can take to prevent fraudulent accounts being opened under your name. A credit freeze prevents a credit bureau from sharing your information with others. You can put a credit freeze in place with each of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
If you put on a credit freeze, no one will be able to open new credit accounts in your name. You can still use your active credit cards with a freeze in place. It costs nothing to put a credit freeze in place, lasts indefinitely, and will not affect your credit score.
However, if your credit card information has been compromised, a credit freeze will not prevent a cyber-thief from making purchases with your stolen card. Cancelling the card and getting a new card with a different number is the only way to stop such transactions from taking place.
You can also place a fraud alert on all of your credit reports. Fraud alerts are free and are a flag for potential credit providers that you may have been a victim of identity theft. They allow you to apply for new credit cards and other forms of credit without having to unfreeze your account. Fraud alerts can last one to seven years, and can be lifted by you at any time. Once you put a fraud alert in place at one credit bureau, it will alert the other two for you.You can put a fraud alert in place with any of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
What do I do if I think I am the victim of identity theft?
The Federal Trade Commission has created a website to guide you through the process of reporting identity theft and creating an action plan. That link can be found here.
The California Attorney General’s Office has also put together an Identity Theft Victim Checklist to help identity theft victims clear up their records.³
We Can Help You Exercise Your Rights
Every case is unique. Even when your data has been part of a breach, you may not necessarily be awarded compensation. Experienced data breach class action attorneys can help you exercise your rights and evaluate your options and decide whether you are entitled to compensation under the CCPA. There are no out of pocket costs to you, as we only get paid if we prevail.
For more information on your legal options, please contact us using the form found here
Links on this website are not intended to be referrals to or endorsements of the linked entities or imply any relationship to the linked site or its operator.
¹ California Civil Code § 1798.150 ² https://www.consumer.ftc.gov/blog/2022/02/how-tell-if-someone-using-your-identity ³ https://oag.ca.gov/idtheft/facts/victim-checklist