Brightline Agrees to $7 Million Settlement to Resolve Class Action Data Breach Lawsuit
Brightline Inc., a Palo Alto, CA-based provider of behavioral healthcare services for children and their families, has agreed to settle a class action data breach lawsuit for $7 million. The lawsuit, Terrance Rosa et al. v. Brightline, Inc., was filed in the U.S. District Court for the Southern District of Florida in response to a January 2023 data breach that affected approximately 1 million individuals. Hackers exploited a zero-day vulnerability in file transfer software (GoAnywhere) used by Brightline, which gave them access to sensitive consumer data including names, Social Security numbers, and insurance information.
The plaintiffs alleged that Brightline failed to implement reasonable and appropriate cybersecurity measures to protect sensitive consumer information and if those measures had been implemented, the data breach could have been prevented. Brightline chose to settle the lawsuit; however, it maintains there was no wrongdoing. Under the terms of the settlement, individuals who received a notification from Brightline that their information was involved in the data breach may submit a claim to recover documented losses incurred as a result of the data breach up to a maximum of $5,000.
Alternatively, class members may choose to receive a cash payment of $100. Individuals who were residents of California at the time of the data breach are entitled to claim an additional $100. The cash payments may increase or decrease depending on the number of claims received for reimbursement of losses and will be paid pro rata out of the remainder of the settlement fund after attorneys’ fees, legal expenses, and other costs have been deducted. All class members are entitled to claim three years of free credit monitoring services. Individuals who have already accepted the 2 years of free credit monitoring services previously offered by Brightline will be able to claim an additional year.
The deadline for filing an objection to or opting out of the settlement is January 9, 2025, and all claims must be submitted by February 26, 2025. The settlement has been granted preliminary approval and the final fairness hearing is scheduled for February 10, 2025. Further information on the settlement, including how to file a claim, is available on the settlement website – https://brightlinedatasecuritysettlement.com/
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
