SAG-AFTRA Health Plan Faces Class Action Lawsuit Over Data Breach

Union members allege negligence and delayed notification following a phishing attack that exposed sensitive personal information.

Two SAG-AFTRA members, Matthew Robillard and Kristy Munden, filed the lawsuit in the U.S. District Court of Central California on December 5, 2024.
The breach occurred in mid-September and exposed personal data, including names, Social Security numbers, and medical details, through an email phishing attack.
The plaintiffs claim the health plan failed to implement adequate security measures and delayed notifying members until December 2, nearly three months after the breach.
The lawsuit seeks class action status, at least $5 million in damages, and a court order to improve security protocols and member notification processes.
Members reportedly face increased risks of identity theft, fraud, and other financial harms due to the compromised data.