Two SAG-AFTRA members have sued the actors guild’s health plan over a data breach that occurred in September, claiming those in charge failed to protect members’ data or even notify them of the breach in a timely manner.
The lawsuit, which was filed in the U.S. District Court of Central California on Thursday and obtained by TheWrap, charges the SAG-AFTRA health plan with negligence, deceit by concealment and violation of the California Confidentiality of Medical Information Act, among other counts.
The plaintiffs, Matthew Robillard and Kristy Munden, claim that the health plan went three months without informing members of a successful email phishing scam that exposed the personal information of an unknown number of SAG-AFTRA health plan recipients.
They also said they were not made aware of the breach until Dec. 2, more than two months after the Sept. 16 and 17 attack.
Because the full extent of the breach’s impact is unknown, the plaintiffs have asked the judge to maintain the lawsuit as a class action suit.
“This exfiltrated personal data, the full extent of which SAG Health has failed to disclose to the public, allows hackers to gain a clear image of each individual and track their whereabouts, leading hackers to each victim’s behavior and background,” the lawsuit reads.
Along with any damages granted by the court, the plaintiffs also seek a court order requiring the SAG-AFTRA health plan to revise and update its data security measures and to properly identify and notify all members affected by the breach.
TheWrap has reached out to representatives for the health plan for comment and will update with any response.