On December 2, 2024, we mailed notification letters to certain SAG-AFTRA Health Plan (Plan) participants (participants) whose information was involved in a data incident.

On September 18, 2024, we learned that an employee’s email account had been compromised. We immediately contained and remediated the issue, and with the assistance of leading third-party experts launched an investigation. The investigation determined that between September 17, 2024, and September 18, 2024, an unauthorized party accessed the contents of a single employee’s email account. We also began analyzing the data that was compromised by the unauthorized third-party; that process is ongoing. On October 3, 2024, we discovered that the email account contained personal information related to some Plan participants. This incident resulted from a phishing email, and it is important to note that our systems were not impacted. We have also notified law enforcement about this event.

Our investigation determined that the email account contained emails and attachments that included some participants’ names and Social Security numbers, and, in some cases, may also have contained information associated with claims and health insurance information, such as participants’ health plan participant identification numbers, if applicable.

We take this matter very seriously. After detecting this unauthorized access, we took immediate steps to identify and contain this incident and will continue to implement and evaluate enhanced safeguards and security measures to further protect our systems and reduce the likelihood of a similar future event. Participants are encouraged to be on the alert for any suspicious activity related to their financial accounts and credit reports. We encourage participants to regularly monitor their credit report, statements, and records to ensure that there are no transactions or other activities that were not initiated or authorized by them.

Participants should report any suspicious activity to their financial institution or service provider immediately. Additionally, we are offering complimentary identity monitoring services to participants whose Social Security numbers were involved.

We have set up a designated incident response line to answer questions about the incident. The incident response line can be reached at (888) 458-5706, available 6 a.m. – 6 p.m. PST, except for major U.S. holidays. We remain committed to protecting the confidentiality and security of the information in our care and apologize for the concern this may cause.

Sincerely, SAG-AFTRA Health Plan

Frequently Asked Questions (FAQs) 

Q. What happened?   

On September 18, 2024, we learned that an employee’s email account had been compromised. The Plan immediately contained and remediated the issue, with the assistance of leading third-party experts, and then launched an investigation. The investigation determined that between September 17, 2024, and September 18, 2024, an unauthorized party accessed the contents of a single employee’s email account. We also began analyzing the data that was compromised by the unauthorized third-party, that process is ongoing.  On October 3, 2024, we discovered that the email account contained personal information related to some Plan members. This incident was the result of a phishing email, and it is important to note that the Plan’s systems were not impacted. We have also notified law enforcement about this event.  

Q. When did The Plan discover the incident?  

On October 3, 2024, we discovered that the email account contained information related to some Plan participants. We learned that an employee’s email had been compromised on September 18, 2024.  
 
As soon as we learned of the email phishing incident, we immediately began a thorough investigation and worked with third-party experts to identify the potential access within the email account.  We take the protection of the information in our care seriously and worked hard to notify participants as soon as possible.   

Q. How did this happen? Was this a ransomware attack?  

This incident was the result of a phishing email, and it is important to note that the Plan’s systems were not impacted. This was not a ransomware attack. 

Q. What information/data is involved? 

The Plan’s investigation determined that the email account contained emails and attachments used for administrative operations included some participants’ names and Social Security numbers, and, in some cases, may also have contained information associated with claims and health insurance information, such as participants’ health plan participant identification numbers, if applicable.   

Q. Has this information been misused?

At this time, we have no indication that this information has been misused, however as a precaution, we encourage you to take steps to protect your information and enroll in the credit monitoring being provided.

Q. How can I find out if my information may have been affected by this incident? Why am I being informed now? 

On December 2, 2024, the Plan mailed notification letters to certain Plan participants whose information was involved in an email phishing incident.  
 
As soon as we learned of the email phishing incident, we immediately began a thorough investigation and worked with third-party experts to identify the potential access within the email account.  We also began analyzing the data that was compromised by the unauthorized third-party, that process is ongoing.   

Q. Does this incident only involve the SAG-AFTRA Health Plan? 

Yes. This incident involves SAG-AFTRA Health Plan only.  

It’s important to note that the SAG-AFTRA Health Plan is a separate entity from SAG-AFTRA, the SAG Producers Pension Plan, and the AFTRA Retirement Fund, which were not impacted by this incident.  

Q. Are the systems safe to use? 

Yes. The Plan has contained and remediated the email phishing incident. The Plan’s systems were not impacted, and it is safe to use our Plan’s systems, as well as our email. 

Q. What support and protection is the Plan offering to participants whose data may be involved?  

We remain committed to protecting the confidentiality and security of the information in our care and apologize for the concern this may cause. The Plan is offering complimentary credit monitoring services to participants whose data was involved. Please review the letter you were sent, which contains instructions on how to enroll and information about additional steps you can take in response to this incident. A designated call center has been established to help address questions about this incident. Additional information is available by calling the toll-free incident response line at (888) 458-5706 between the hours of 6 a.m. – 6 p.m. PST Monday through Friday.