New York Labor Union Settles Data Breach Lawsuit for $6 Million
The New York-based labor Union, UNITE HERE, has agreed to pay $6 million to resolve a consolidated class action lawsuit that alleged a failure to implement appropriate cybersecurity measures to protect the sensitive data it held. On October 20, 2023, UNITE HERE identified unauthorized access to its systems. Hackers were determined to have breached its network and gained access to files containing the personal and protected health information of members of certain local unions and health funds.
It was not possible to determine exactly how many people were affected, so the decision was taken to send notification letters to all 791,273 potentially affected members. Data compromised in the incident included names, Social Security numbers, driver’s licenses, state identification numbers, alien registration numbers, tribal identification numbers, passport numbers, birth certificates, dates of birth, marriage licenses, signatures, financial account information, and medical information.
Class action lawsuits were filed by union members, which were consolidated into a single lawsuit – In Re UNITE HERE Data Security Incident Litigation – in the United States District Court for the Southern District of New York. In addition to negligence, the consolidated lawsuit asserted claims of breach of implied contract, unjust enrichment, breach of confidence, and a violation of the New York Deceptive Trade Practices Act. UNITE HERE denied the claims but opted to settle the lawsuit with no admission of liability or wrongdoing to avoid the costs and uncertainty associated with continuing the litigation.
Under the terms of the settlement, class members may submit claims for up to $5,000 for reimbursement of documented, unreimbursed out-of-pocket losses linked to the data breach, and all class members, irrespective of whether they submit a claim for losses, are entitled to a pro rata cash fund payment. The cash payments will be paid after all costs, expenses and claims have been paid, with the cash award dependent on the number of valid claims received. In addition, class members are entitled to claim 2 years of credit monitoring and identity theft protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The deadline for exclusion and opting out of the settlement is April 11, 2025. Claims must be submitted by April 28, 2025, and the final fairness hearing has been scheduled for May 12, 2025.
