AFTRA Retirement Fund Hit with Class Action Over October 2019 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

The AFTRA Retirement Fund faces a proposed class action over an October 2019 data breach that reportedly compromised certain participants’ personal information.

Per the case, the defendant, who provides retirement benefits to actors, broadcasters and voice professionals, failed to adopt reasonable security measures to prevent the breach and neglected to notify those who were affected until more than a year after the incident occurred.

The lawsuit says that those affected by the breach now face a heightened risk of identity theft and fraud as a result of the AFTRA Retirement Fund’s apparent cybersecurity failures.

According to the suit, the AFTRA Retirement Fund was formed as a result of collective bargaining between the American Federation of Television and Radio Artists and contributing entertainment employees. The lawsuit says that the fund claims to be a separate entity from the Screen Actors Guild, also known as SAG-AFTRA. Per the case, the AFTRA Health Fund merged with the SAG-Producers Health Plan in 2017 to form the SAG-AFTRA Health Plan, which was thereafter supported by the AFTRA Retirement Fund as a business associate.

In February 2020, AFTRA notified several state attorneys general and many of its fund participants of a data breach in which the sensitive information of current and former SAG-AFTRA Health Plan members was compromised, the complaint relays. According to the suit, AFTRA received in October 2019 an alert of suspicious activity on its network and discovered that certain files and folders had been accessed by unauthorized parties between October 24 and October 28, 2019. 

The case goes on to state that AFTRA began notifying participants in the AFTRA Retirement Fund of the October 2019 breach on December 17, 2020—more than a year after it occurred and nearly 10 months after the state attorneys general were notified. Per the suit, AFTRA explained that participants in the AFTRA Retirement Fund, and not the health plan, had had their sensitive information exposed in the breach.

According to the case, the compromised information was limited to participants’ names, Social Security numbers, addresses and dates of birth.

In addition to claiming AFTRA’s “negligent and/or careless acts and omissions” were the cause of the data breach, the lawsuit chides the organization for its apparent failure to provide timely notice of the incident to affected fund participants.

As a result of AFTRA’s slow response, those affected by the breach “had no idea” that their personal information had been compromised, or of the fact that they faced a significant risk of identity theft and “various other forms of personal, social, and financial harm,” the suit says.

The lawsuit looks to cover anyone in the U.S. whose personally identifiable information was compromised in the data breach announced by AFTRA around December 17, 2020, as well as two proposed subclasses of California and Oregon residents who meet the same criteria.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.