Benefits Firm Hit With Almost $9M Settlement in 2022 Data Breach
Human resources company Sequoia Benefits must pay $8.7 million in a settlement from a 2022 data breach that exposed the personal information of about 580,000 individuals, a federal court ruled in a court document filed Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The breach occurred in 2022 between Sept. 22 and Oct. 6, and the information accessed included names, Social Security numbers, wage data related to benefits, and medical information, according to filings in case 3:22-cv-08217. After two years of litigation, settlement negotiations began in October 2024. Judge Rita Lin of the U.S. District Court for Northern California approved the settlement Tuesday.
In addition to the monetary penalty, the settlement "also requires Sequoia to maintain meaningful data security practices that directly address the security elements that contributed to the breach or that might otherwise help prevent a future incident."