August 24, 2023 – Investigation Complete, Lawsuit Filed
Thank you to everyone who reached out about the BrightSpring data breach. The investigation is now complete, and at least one lawsuit has been filed. You can read up on the case filing here.
Head over to this page to learn why you typically won't need to do anything to join a case like this.
We will post case updates to this page should they become available, but in the meantime, you can find a list of ongoing investigations here and have class action news sent right to your inbox by signing up for our free newsletter.
At A Glance
This Alert Affects:
Anyone who received a letter from BrightSpring Health Services informing them that their personal information may have been exposed in a data breach.
What’s Going On?
Attorneys working with ClassAction.org are investigating whether a class action lawsuit can be filed against BrightSpring over a data breach that reportedly exposed personal information belonging to over 535,000 individuals—including current and former employees of Equus Workforce Solutions.
How Could a Lawsuit Help?
A class action lawsuit could help compensate data breach victims for any damages they’ve experienced as a result of the breach. It could also potentially force BrightSpring to implement stronger data security.
Attorneys working with ClassAction.org want to hear from anyone who received a letter from BrightSpring Health Services stating that their personal information may have been compromised in a data breach.
The Kentucky-based health services provider recently notified state attorneys general that an unauthorized party had hacked into its computer systems between March 12 and 13, 2023 and accessed “employee information,” some of which belonged to former and current employees of Equus Workforce Solutions, a former subsidiary of BrightSpring.
The data breach reportedly affected 535,203 individuals and may have exposed their names, Social Security numbers and, for some, addresses and dates of birth.
The attorneys believe BrightSpring may have failed to take adequate steps to protect consumers’ personal information and are investigating whether a class action lawsuit can be filed to help compensate victims.
BrightSpring, Equus Workforce Solutions Data Breach: What Happened?
BrightSpring, which provides home- and community-based health services nationwide, notified the attorneys general of several states in mid-August 2023 of a data breach that affected more than 535,000 individuals. According to these reports, BrightSpring first learned of the breach on March 14 and, after investigating, determined that consumers’ personal information had been obtained from its computer systems on March 12 and 13.
Two sample data breachletters provided by the company indicate that BrightSpring “recently discovered” that the compromised data contained “employee information,” including payroll data from former subsidiary Arbor E&T, LLC, doing business as Equus Workforce Solutions. Per the letters, BrightSpring learned between late May and mid-June that the stolen files included consumers’ names, Social Security numbers and, for some, addresses and dates of birth.
BrightSpring has not indicated whether this incident is related to a previously reported data breach that took place on the same days and impacted subsidiary PharMerica. The national pharmacy network reported in May that “suspicious activity” was detected on its network on March 14 and determined that personal information had been stolen between March 12 and 13.
According to DataBreaches.net, ransomware group Money Message claimed responsibility for the PharMerica breach – which reportedly impacted over 5.8 million patients – and added both PharMerica and BrightSpring to their leak site. Money Message published what they claimed was all 4.7 terabytes of the stolen data on April 9, and the files were still available for download as of May 15, according to BleepingComputer.com.
How Could a Lawsuit Help Data Breach Victims?
A class action lawsuit could help compensate victims for any damages resulting from the breach, including:
Money spent obtaining credit reports and additional credit monitoring and identity theft protection services
Time spent dealing with the effects of the breach
Loss of privacy
Damage to credit
A lawsuit could also force BrightSpring to implement stronger data security to ensure that consumers’ information is protected from future attacks.