A class action settlement has been reached in the case of Hardy v. Pacific Guardian Life (PGL) Insurance Company, Ltd., arising from the August 2023 cybersecurity incident.
What happened
Without admitting wrongdoing, PGL agreed in 2025 to resolve the litigation through a classwide settlement that offers compensation for documented financial losses, reimbursement for time spent responding to the incident, and additional protections such as credit monitoring for all notified individuals. The settlement applies to anyone who received a data-breach notice from PGL, and class members may choose to submit a claim, opt out, object, or remain in the settlement and receive benefits if it is approved.
A Final Fairness Hearing is scheduled for January 13, 2026, before Judge Jordon J. Kimura in Honolulu, where the Court will consider whether to grant final approval of the settlement terms, requested attorneys’ fees and costs, and service awards for the representative plaintiffs.
The backstory
After cybercriminals accessed PGLs systems on or about August 25, 2023, exposing the personal and financial information of more than 167,000 individuals, a class action lawsuit was filed by plaintiffs including Hardy, titled Hardy v. Pacific Guardian Life Insurance Company, Ltd.
The plaintiffs alleged that PGL failed to protect sensitive data such as Social Security numbers, dates of birth, medical information, and payment card or bank account details, and asserted claims for negligence, negligence per se, breach of implied contract, unjust enrichment, invasion of privacy, and violations of Hawaii law.
What was said
Prior to the settlement Console & Associates noted in a press release, “The data breach lawyers at Console & Associates, P.C. are investigating the Pacific Guardian Life Insurance (“PGL”) data breach that was reported after the company was targeted in a recent cyber security attack…In the end, PGL had confirmed that the hackers had access to the names, Social Security numbers, and financial account information on their system. The data breach had more than 160,000 victims.”
The bigger picture
The Pacific Guardian Life settlement fits into a broader pattern seen across the healthcare and insurance sectors, where organizations face both class-action exposure and regulatory scrutiny after data breaches involving highly sensitive information. One example is Solara Medical Supplies, LLC, which suffered a 2019 phishing attack that exposed diabetes-related medical data.
Solara later faced a major class action lawsuit and, in 2024, agreed to a $3 million HIPAA enforcement settlement with the HHS Office for Civil Rights (OCR). Similar to Solara, Pacific Guardian Life faced private litigation alleging failure to protect Social Security numbers and other identity-rich records, the same type of data that leads to long-term financial and medical identity theft.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
FAQs
What triggers a class action against a healthcare organization?
A class action is typically filed when a breach or misconduct affects a large group of patients in a similar way, especially involving protected health information.
Who can join a healthcare data breach class action?
Anyone whose personal or medical information was compromised and who received a breach notification is generally eligible to participate.
Do patients need to pay to join a class action?
No, class members never pay out of pocket because attorneys’ fees come from a court-approved settlement or award.
Kirsten Peremore
