Compliance March 13, 2024

Plaintiffs Request Judge Approve Settlement in ERISA Data Breach Lawsuit

Attorneys for the plaintiffs in a case about cybersecurity liability for participant data asked a Georgia federal judge for final approval of a multimillion dollar settlement .

Reported by

Noah Zuss

Retirement plan participants whose personal identifiable information was exposed in a 2021 data breach have asked a Georgia federal judge to approve an $8.733 million agreement to resolve allegations, which claimed national consultant Horizon Actuarial Services LLC failed to safeguard their sensitive data.

The plaintiffs’ attorneys are seeking final approval from the court of the proposed class action settlement. The settlement would resolve all claims related to the data security incident on behalf of the settlement class of approximately 4,386,969 individuals nationwide. The case is Justin Sherwood, et al. v Horizon Actuarial Services LLC.

For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter. 

The plaintiffs’ attorneys write that agreement negotiated between the parties is “a fair, adequate and reasonable settlement, which guarantees members of the settlement class will receive significant compensation in direct reimbursements for the benefit of all class members.”

Per the proposed settlement, members may self-certify the amount of time they actually spent resolving issues related to the data security incident.

Horizon has agreed to pay the total settlement amount into a fund to be used to make payments to settlement class members, administrative expenses, and attorneys’ fees and expenses.

Settlement class members’ are eligible for total reimbursement for any out-of-pocket losses together with any repayment for time losses is capped at $5,000.

If approved, the settlement dismisses with prejudice all claims of the class against Horizon in the action, without costs and fees except as explicitly provided for in the settlement agreement.

On March 11, attorneys for the class of plaintiffs filed a memorandum in support of their motion and two briefs to support their contention the settlement should be approved.

“The question of liability on the part of service providers to plans for cyberattacks is an emerging issue,” says Drew Oringer, partner in and general counsel at the Wagner Law Group, which was not involved in the litigation. “This settlement is a reminder to recordkeepers and other service providers that the occurrence of a data breach could have significant financial ramifications for providers that may be accused of not having done enough to protect participant data.”

Earlier this year, U.S. District Court Judge Eleanor L. Ross scheduled the final approval hearing for Thursday, April 4.

Plan sponsors, which provide Employee Retirement Security Act-regulated retirement plans and other benefits must consult the Department of Labor’s Cybersecurity Program Best Practices, if they have not previously, adds Oringer.

The parties have agreed to use legal services provider Epiq as the claims and settlement administrator.

The opt-out and objection deadlines have passed. Some 102 individuals have opted out of the settlement. No objections to the settlement have been received by the settlement administrator, but two objections have been submitted to the court and entered on the docket.

The court previously granted preliminary approval of the proposed settlement in September 2023.

The original complaint was filed in U.S. District Court for the for the Northern District of Georgia, Atlanta Division, in 2022.

Justin Sherwood, the lead plaintiff in the case alleged Horizon Actuarial Services LLC, a provider of actuarial and administrative services to retirement plans and other client types, failed to properly secure and safeguard sensitive personally identifiable information provided by and belonging to its customers.

The complaint alleged Horizon experienced a data security incident in November 2021 during which unauthorized third parties gained access to its network and file server.

Horizon investigated the cause, scope of the incident and determined that files containing plaintiffs and settlement class members’ names, address, Social Security numbers, benefit plan enrollment data and dates of birth were accessed without authorization and reported stolen.

Representatives of Horizon did not respond to a request for comment; nor did attorneys for the plaintiffs and defendant.

You Might Also Like:

Benefits | March 27th, 2025

Social Security Administration Clarifies Identity Proofing Requirements

The SSA extended, for two weeks, the launch of new identity-proofing requirements and made an exception for those applying for...

Opinions | March 27th, 2025

DOL Cybersecurity Guidance and Health and Welfare Plan Gaps

All benefit plans must follow the U.S. Department of Labor’s cybersecurity guidance, not only retirement plans, writes a partner at...

Compliance | March 24th, 2025

Federal Judge Blocks DOGE from Obtaining Social Security Data

The restraining order was issued days before a nomination hearing for Frank Bisignano, Trump’s nominee for commissioner of the Social...

Compliance March 13, 2024

AT&T Sued Over 2023 Pension Risk Transfer with Athene Annuity and Life

Retirees alleged that AT&T shifted its pension responsibilities for 96,000 participants to a ‘risky’ insurance company, according to the lawsuit.

Reported by

Remy Samuels

After conducting an $8.05 billion pension risk transfer in May 2023 and offloading 96,000 of its plan participants and beneficiaries, AT&T Inc. was sued by four former participants on Monday.

The former participants, represented by law firm Libby Hoopes Brooks & Mulvey, PC, claimed that AT&T’s decision to conduct the PRT with Athene Annuity and Life Company placed its retirees in danger and that AT&T and its independent fiduciary, State Street Global Advisors Trust Co., stood to gain from the transfer. The lawsuit, Piercy et al v. AT&T Inc. et al, was filed March 11 in the U.S. District Court for the District of Massachusetts.

For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter. 

The pension deal secured AT&T approximately $363 million in profit, according to court documents. Because of the transaction, AT&T and the retirement plan are no longer required to pay annual flat-rate PBGC premiums for the 96,000 participants terminated from the plan, which will save AT&T more than $9.6 million annually, the lawsuit also stated.

“Although AT&T is worth more than $100 billion, and is the world’s fourth-largest telecommunications company, the company decided to fatten its wallet by placing its retirees’ futures in the hands of a risky new insurance company that is dependent on its Bermuda-based subsidiary and which has an asset base far riskier than AT&T’s,” the lawsuit stated.

Citing a 2022 analysis from NISA Investment Advisors, the former participants say Athene is in a new class of private equity-backed insurers engaged in the “shadow banking” sector. The NISA report argued that Athene is not a safe annuity choice for ERISA fiduciaries and is riskier than other traditional annuity providers, claiming its reliance on a Bermuda-based subsidiary.

According to the lawsuit, one-fifth of Athene’s portfolio is invested in “risky asset-backed securities and leveraged loans made to companies highly in debt.” It also states that approximately 80% of Athene’s PRT liabilities are reinsured through Bermuda affiliates owned by Athene’s parent, Apollo.

Athene objected to the NISA analysis, arguing that any plan sponsor contemplating a PRT with the insurer would be advised by an independent fiduciary that would review the insurer’s financial condition. Athene also argued that NISA is biased because it is an asset manager and its business suffers when companies pull their pension assets to PRTs.

The plaintiffs further claimed that AT&T and State Street selected Athene because it was the cheaper option and that the company could have opted for safer, traditional annuity providers that have a “proven record of financial strength necessary to shoulder such large and important obligations over a period of many decades.”

As a result, the lawsuit alleged that AT&T and State Street breached their fiduciary duties under ERISA by mismanaging participants’ retirement benefits by putting them in the hands of Athene.

IB 95-1, issued by the Department of Labor in 1995, outlines the fiduciary standards that a plan sponsor must use when selecting an annuity provider for a pension risk transfer. The rule requires pension fund sponsor to consider the provider’s investment portfolio, size relative to the annuity contract, level of capital and surplus, liability exposure and availability of state government guaranty associations.

The SECURE 2.0 Act of 2022 required the DOL to review IB 95-1 and recommend possible modifications to Congress by the end of 2023, but modifications have yet to be released.

The former participants are seeking AT&T to guarantee the retirement benefits that were part of workers’ employment bargain with AT&T and which those workers earned through their service to AT&T. They also seek monetary relief from AT&T and State Street, including the profit the plaintiffs say the companies earned from the PRT.

A spokesperson at AT&T stated, “We deny the allegations and we will defend ourselves in court.”

You Might Also Like:

Compliance | March 18th, 2025