Skip to main content
A man sees his private data publicly available online, prompting him to consider filing an AI lawsuit

SAG-AFTRA Health Plan Data Breach Investigation

The Data Breach Lawyers at The Lyon Firm are investigating data breach claims after SAG-AFTRA Health Plan, a provider of health benefits to tens of thousands of media professionals, discovered unauthorized access to an employee’s email account. A data theft incident has been reported to The California Attorney General and the organization will begin contacting individuals to explain exactly what information may have been compromised.

Contact our data privacy attorneys to learn more about how to protect yourself following a data security incident. It is critical to minimize the risks of fraud and identity theft when your data has potentially been leaked. Medical identity theft is more common than most think, and legal action can help compensate individuals for damages that may occur.

What Happened at SAG-AFTRA?

On December 2, 2024, the SAG-AFTRA Health Plan announced a data breach that originated from a phishing attack. The alleged account breach was detected on September 18, 2024, and third-party cybersecurity consultants were hired to investigate the breach.

It was later determined there was a phishing attack and an unauthorized access to an email account from September 17 to September 18. It was also confirmed that the protected health information (PHI) of certain health plan members had been exposed. Potentially compromised data includes the following: names, Social Security numbers, claims information and health plan identification numbers.

The incident has been reported to the HHS’ Office for Civil Rights, however their site does not detail how many individuals have been affected. Data breach notification letters have been sent out to all impacted by the event. According to these sources, SAG-AFTRA learned that an employee email account had been compromised months ago.

SAG-AFTRA Health Plan, based out of Burbank, California, provides health benefits to tens of thousands of eligible media professionals and their dependents.

Our lawyers believe strongly that any company that collects and stores your medical and personal data has a duty to keep it safe. If an entity is negligent and data is stolen from systems, plaintiffs may take legal action. Call us for a free consultation and case review.