horizon data breach

UNITE HERE Retirement Fund are Victims of the Horizon Actuarial Data Breach

UNITE HERE Retirement Fund was just added to the list of groups that had members impacted by the Horizon Actuarial Services data breach.

As reported earlier this month (see original story here), on March 25th Horizon Actuarial Services (Horizon) reported a “privacy incident” that culminated with the payment of ransomware to a group that claimed to have “stolen copies of personal data” from Horizon’s computer servers.

Initially, fourteen benefit plans, health funds, and trusts were identified as organizations impacted by the extortion. The addition of UNITE HERE Retirement Fund brings the total number of funds with affected members to 34.

According to the most updated notice issued on April 18, 2022, 224,766 participants of the UNITED HERE Retirement Fund may have been affected by the breach. Personal information, including Social Security Numbers, names, dates of birth, and health plan information, may have been stolen.

A copy of the Horizon Actuarial Services California Data Breach Notice can be found here.

UNITE HERE is a labor union representing approximately 300,000 people who work in the hotel, gaming, food service, manufacturing, textile, distribution, laundry, transportation, and airport industries.

UNITE HERE has 8 local chapters in California that serve members throughout the state, including:

  • San Francisco
  • Los Angeles
  • Orange County
  • San Jose
  • San Diego
  • Sacramento
  • Monterey
  • Oakland

Participants in data breach lawsuits can recover damagesinjunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being stolen again) and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from recurring.

Businesses Should Be Held Accountable for Data Breaches

When businesses collect and keep personal data about California consumers or their families, under California law they take on the obligation to protect that information and keep it safe from hackers, thieves, and other criminals.

This personal data is incredibly valuable, both to businesses and to criminals who want to sell that information on the dark web to identity thieves and other black marketeers. However, “it is clear that many organizations need to sharpen their security skills, trainings, practices, and procedures to properly protect consumers.”[1] The stakes are high as data breach victims are more likely to also be victims of additional fraud.[2]



[1] Source: K. Harris, former Attorney General, California DOJ, California Data Breach Report 2012-2015 (2016).

[2] Same.