Acts Retirement Services, Inc. and Affiliates

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Overview of the ACTS Retirement Services Data Breach

In April 2022, ACTS Retirement Services, Inc., and its affiliates experienced a significant data breach that compromised the sensitive personal information of its employees. ACTS Retirement Services is a not-for-profit organization based in Pennsylvania, serving as the parent company of ACTS Retirement-Life Communities, Inc., and other affiliated ACTS companies. It is one of the largest not-for-profit owners, operators, and developers of continuing care retirement communities in the United States, with 26 locations across nine states[1].

Details of the Breach

The breach was discovered on May 2, 2022, after unauthorized access to ACTS Retirement Services’ network was detected on April 29, 2022. The compromised information included names, Social Security numbers, financial account information, and routing numbers of over 18,200 employees[1]. The breach led to a class action lawsuit filed by affected employees, alleging negligence in securing sensitive information and exposing victims to a heightened risk of identity theft and fraud[3].

Legal and Financial Repercussions

ACTS Retirement Services agreed to settle the class action lawsuit in January 2024, with a proposed settlement amount exceeding $1 million. The settlement aims to compensate nearly 21,000 affected individuals, including both employees and residents of ACTS facilities. The exposed information included not only financial details but also medical treatment or diagnosis information[5][6]. As part of the settlement, class members are eligible for up to $350 for out-of-pocket losses and can enroll in two years of credit monitoring and identity theft protection services. ACTS has also committed to implementing more robust cybersecurity measures as part of the settlement terms[3].

Response and Measures Taken

Following the incident, ACTS Retirement Services took immediate steps to remediate the compromised server and prevent further unauthorized activity. The organization initiated an investigation to determine the nature and scope of the breach and began notifying potentially affected individuals in July and October 2022. ACTS has continued to enhance its cybersecurity measures with the assistance of external specialists, including extending multi-factor authentication, implementing new technical safeguards, and updating data retention approaches[6].

Conclusion

The data breach at ACTS Retirement Services, Inc., underscores the importance of robust cybersecurity measures, especially for organizations handling sensitive personal information. The legal and financial consequences of the breach highlight the need for continuous vigilance and improvement in data protection practices to safeguard against future incidents.


References:

  1. Turke & Strauss LLP’s investigation into the ACTS Retirement Services data breach[1].

  2. PRNewswire’s report on Mease Life’s affiliation with Acts Retirement-Life Communities[2].

  3. ClassAction.org’s news on the class action lawsuit following the April-May 2022 data breach at ACTS Retirement Services[3].
  4. Bloomberg Law’s report on ACTS Retirement’s settlement over the data breach[5].
  5. McKnight’s Senior Living’s coverage of the data breach’s potential cost to ACTS Retirement[6].

Citations:

  1. https://www.turkestrauss.com/2022/06/28/acts-retirement-breach-investigation/
  2. https://www.prnewswire.com/news-releases/mease-life-affiliates-with-acts-retirement-life-communities-301944614.html
  3. https://www.classaction.org/news/acts-retirement-services-hit-with-class-action-following-april-may-2022-data-breach
  4. https://news.bloombergtax.com/tax-insights-and-commentary/secure-acts-require-prompt-action-from-retirement-plan-sponsors
  5. https://news.bloomberglaw.com/litigation/acts-retirement-to-pay-over-1-million-to-settle-breach-suit
  6. https://www.mcknightsseniorliving.com/home/news/data-breach-could-affect-21000-cost-senior-living-operator-1-million/
  7. https://news.bloomberglaw.com/privacy-and-data-security/acts-retirement-sued-over-data-breach-of-employee-personal-info
  8. https://skillednursingnews.com/2023/09/these-10-largest-nonprofit-nursing-home-providers-own-30-of-facilities-nationwide/
  9. https://apps.web.maine.gov/online/aeviewer/ME/40/f3631267-0885-4bdd-9949-773e1093686f.shtml
  10. https://www.mcknightsseniorliving.com/home/news/senior-living-a-growth-area-for-leadingage-ziegler-200-not-for-profit-providers/
  11. https://www.actsretirementdatasettlement.com/faqs
  12. https://skillednursingnews.com/2023/06/chatgpt-and-beyond-how-artificial-intelligence-is-shaping-the-future-of-nursing-home-operations/
  13. https://www.mass.gov/doc/assigned-data-breach-number-26817-acts-retirement-services-inc-and-affiliates-0/download
  14. https://www.usnews.com/info/blogs/press-room/articles/2023-05-04/u-s-news-reveals-2023-2024-best-senior-living-ratings
  15. https://www.law360.com/healthcare-authority/digital-health-technology/articles/1781970/acts-retirement-data-breach-suit-settlement-gets-initial-ok
  16. https://www.prnewswire.com/news-releases/acts-retirement-life-communities-to-celebrate-50th-anniversary-of-senior-living-leadership-301564197.html
Breach Submission Date Jul 15, 2022
Converted Entity Name Acts Retirement Services, Inc. and Affiliates
Converted Entity Type Healthcare Provider
State PA
Individuals Affected 2,236
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes