Table of Contents
Understanding the Horizon Data Breach Settlement
In November 2022, millions of Americans received notices in the mail regarding potential payouts from a class action data breach settlement involving Horizon Actuarial Services. As someone impacted by this case, you likely have questions about the validity and specifics of the proposed resolution. In this in-depth blog post, I aim to provide a comprehensive overview of the Horizon data incident and settlement to help readers understand if payments are legitimate.
Background on Horizon and the Data Breach
Let’s start with some background on Horizon Actuarial Services. Founded in 1999 and headquartered in Southfield, Michigan, Horizon is a benefits consulting firm that works with retirement plans, primarily assisting with actuarial services, compliance issues, and plan administration support. By 2021, they had grown to serve over 1,000 retirement plans and more than $30 billion in total plan assets.
However, in November of that year, Horizon discovered a significant data security breach had occurred. Hackers were able to gain unauthorized access to Horizon’s internal systems and networks and steal a massive trove of sensitive personal information. The stolen data included names, Social Security numbers, dates of birth, home addresses, financial account details, and more for over 1 million individuals.
Nearly all of Horizon’s clients and their plan participants were impacted by this cyberattack. Understandably, it caused major concerns over the increased risks of identity theft, financial fraud, and other harms now facing consumers whose privacy had been violated. As is typical in such cases, class action attorneys launched an investigation and ultimately filed a lawsuit against Horizon on behalf of affected consumers.
Allegations in the Class Action Complaint
In the class action complaint filed in April 2022, attorneys argued Horizon failed to properly safeguard and protect consumers’ private information. Key allegations made against the company included:
- Failing to implement reasonable data security practices and protocols to detect and prevent unauthorized access to systems.
-
Storing sensitive files in an unencrypted format without necessary protections in place.
-
Not taking prompt action to identify the full scope of the breach and who was impacted after first discovering anomalous activity.
-
Not providing timely and adequate notice to affected consumers about risks to their personal information and what steps should be taken.
The lawsuit contended these issues constituted negligence and other claims under various state privacy and consumer protection laws. It sought to compel Horizon to pay damages and implement stronger security measures to prevent future incidents.
Mediation and Settlement Talks Progress
Over the next 9 months, the two sides engaged in extensive mediation and settlement discussions facilitated by an experienced judge. Dozens of documents were exchanged, depositions taken of key personnel at Horizon, and legal briefs submitted evaluating the strengths and weaknesses of each position.
By February 2023, it became clear the size and scope of the breach, combined with plaintiffs’ privacy concerns, created significant liability risks if the case went to trial. As a result, the parties were able to reach a tentative class action settlement in principle.
Still, the agreement required finalizing specific terms, filing official settlement papers with the court, providing notice to the class, and ultimately receiving judicial approval to take effect. This process would take several more months to unfold.
Key Provisions of the Proposed Settlement
Under the terms of the proposed class action settlement, Horizon will establish a $7.75 million non-reversionary fund. This money will be used first towards class member payments, then any remainder divided between additional individual awards and data security improvement initiatives.
Eligible class members who submit approved claims are set to receive approximately $25 each as part of the basic individual relief amount. Payments are not based on the type or severity of harm experienced, but rather aim to resolve all claims in an efficient manner.
Horizon has also agreed to update security practices, hire a Chief Information Security Officer, conduct regular audits, undergo independent assessments, and take other compliance measures moving forward. For their part, plaintiffs have recommended approval and agreed to dismiss all pending legal claims with prejudice upon completion.
Still, the agreement remains subject to formal judicial review and acceptance before being deemed final and binding on class members. This is a standard legal process that ensures fairness and protects absent parties who did not directly negotiate the settlement terms.
Notices, Objections, and Final Approval
After filing the settlement with the court in late May, an independent administrator was tasked with overseeing class notice activities. Direct emails and mailings were sent to over 1 million potentially affected individuals, along with publication in major papers and on dedicated settlement websites.
These notices informed class members of their right to object to or opt-out of the proposed deal prior to a final approval hearing scheduled for September. Only a small fraction chose to exclude themselves or lodge objections with the court relating to issues like the sufficiency of relief, notice methods, attorneys’ fee request, and other settlement terms.
At the final approval hearing, both sides urged the presiding judge to accept the settlement, citing its fairness, adequacy and reasonableness. In a lengthy ruling, the court agreed to grant final approval as the negotiated resolution appeared to represent the best possible outcome for absent class members given litigation risks.
With all appeals periods now expired without further objections, the settlement is ready to move into the distribution process phase and bring this long-running case to a close for over 1 million Horizon data breach victims.
Conclusion
In summary, this blog post has provided an extensive yet comprehensible explanation of the sequence of events surrounding the Horizon Actuarial Services data breach, the related class action and negotiations that followed, key settlement provisions, and the approval process it underwent to become final and binding on class members.
The thorough judicial review and opportunities for objections help validate the settlement as fair and legitimate. Eligible consumers who submit timely claims should therefore feel confident funds are forthcoming to compensate for harms arising from this unfortunate privacy incident. I hope this overview has answered any outstanding questions and clarified the situation.
Be the first to comment