Harvard Pilgrim to pay $16.5M settlement over 2023 data breach

Harvard Pilgrim Health Care has agreed to a $16.5 million settlement following a 2023 data breach, offering affected individuals cash payments, credit monitoring, and compensation for documented losses.

 

What happened

Harvard Pilgrim Health Care, now part of Point32Health/Tufts Health Plan, has reached a $16.5 million class‑action settlement following a 2023 data breach. Sensitive personal information, like Social Security numbers, medical histories, and insurance records, was compromised. Although the company denies wrongdoing, it has agreed to this settlement to resolve claims of inadequate cybersecurity.

 

The backstory

The breach was disclosed in 2023 when Harvard Pilgrim notified members that a cyberattack had led to unauthorized access to its systems. Plaintiffs alleged that the company failed to implement sufficient cybersecurity measures, leaving its data systems vulnerable to attack. In the lawsuit, victims claimed that the company’s lack of due diligence and security controls directly contributed to the breach. Harvard Pilgrim’s response to the incident was criticized because of the organization’s delay in notifying affected individuals.

 

Going deeper

As part of the settlement, individuals affected by the breach are eligible for financial compensation and credit monitoring. Claimants can opt for a straightforward flat payment of $150 without submitting receipts or documentation. Alternatively, those who experienced specific losses, such as fraudulent charges, credit monitoring expenses, or time spent addressing the breach, can file a detailed claim for reimbursement of up to $2,500. 

In cases involving exceptional circumstances, claimants may receive up to $35,000. Additionally, all affected individuals are entitled to three years of free credit monitoring. The deadline to submit a claim is August 25, 2025. 

 

Why it matters

The Harvard Pilgrim case is an example of the financial and legal risks companies incur when they fail to protect customer information. Moreover, by offering both flat-rate and itemized compensation options, the settlement makes it easier for a broad range of affected individuals to seek relief.

 

FAQs

What is a data breach settlement?

A data breach settlement is a legal agreement that compensates individuals whose personal information was compromised due to a company's failure to protect their data.

 

Who is eligible to file a claim?

Eligibility typically includes individuals whose personal, financial, or medical information was exposed during the data breach, as identified by the company or a court.

 

How do I file a claim?

You usually file a claim online through the official settlement website by completing a form with your information and, if required, supporting documents.

 

Is the company admitting guilt by offering a settlement?

Not necessarily. Many settlements are made without the company admitting any wrongdoing or liability.