Insurance Firm Pays $21M in Data Breach Settlement

NEW YORK — Arthur J. Gallagher & Co., a New York-based insurance brokerage firm, has agreed to a $21 million settlement to resolve a class action lawsuit stemming from a 2020 data breach that exposed sensitive customer information.

The breach, which occurred between June 3 and Sept. 26, 2020, involved a ransomware attack that compromised various combinations of personal data, including names, Social Security numbers, tax identification numbers, driver’s licenses, passport information, dates of birth, usernames, passwords, and financial and credit card details. Some medical data, such as diagnoses, treatments, and medications, was also exposed.

Arthur J. Gallagher & Co. has denied any wrongdoing in the case. Eligible customers have been notified of the breach via mail and are now able to file claims under the settlement terms. The deadline to submit a claim is Feb. 10, with a final settlement hearing scheduled for Feb. 27.

Class members may receive compensation for documented losses, reimbursement for out-of-pocket expenses, and credit monitoring services. The settlement aims to address the financial and emotional toll on affected individuals, many of whom faced identity theft and fraud risks due to the breach.

This case highlights the growing threat of ransomware attacks on businesses and the increasing legal and financial consequences for companies that fail to protect customer data. According to cybersecurity experts, ransomware attacks have surged in recent years, targeting organizations across industries.

Arthur J. Gallagher & Co., one of the largest insurance brokerage firms globally, has since implemented enhanced cybersecurity measures to prevent future breaches. The company has not disclosed the specific ransomware group responsible for the attack.