Brightline Inc., a Palo Alto-based provider of behavioral healthcare services, has agreed to a $7 million settlement in a class action lawsuit over a January 2023 data breach that affected about 1 million individuals.
Hackers exploited a vulnerability in file transfer software GoAnywhere to access sensitive data such as names, Social Security numbers, and insurance details.
The plaintiffs alleged that Brightline failed to implement proper cybersecurity measures, which could have prevented the breach. Although the company maintains there was no wrongdoing, it chose to settle.
Under the settlement, individuals who received notification of their involvement in the breach can submit claims for reimbursement of documented losses up to $5,000 or choose a $100 cash payment.
Those residing in California at the time of the breach may claim an additional $100. Class members are also entitled to three years of free credit monitoring, with an additional year for those who previously received two years of monitoring. Claims must be submitted by February 26, 2025, with objections or opt-outs due by January 9, 2025.
The settlement is pending final approval with a fairness hearing scheduled for February 10, 2025.