THEY HAVE KNOWN SINCE AUGUST 2025 BUT NEVER SENT OUT NOTICES UNTIL FEB 11,2026
FROM THE LAWSUIT..
On or around February 11, 2026, Defendant began sending Notice to victims of the
Data Breach, stating:
The North Atlantic States Carpenters Health Fund and Pension Fund collectively the North Atlantic States Carpenter Benefit Funds
("NASCBF"), is writing to inform you of a data event that may involve some of your personal information. This letter provides you
with information about our response to date to the event and steps you can take to help protect your personal information. The confidentiality, privacy, and security of information in our care in
among our highest priorities… Upon discovering the incident, the NASCBF promptly launched an
investigation to determine what happened and what information may be involved. As part of the NASCBF's ongoing commitment to information security, it is currently reviewing the protocols, policies, and procedures to reduce the likelihood of a similar event occurring in the future. The NASCBF also notified law enforcement and will notify appropriate state and federal regulators, as required
FROM THE FUNDS WEB SITE
THE LAWSUIT DECLARES THE FOLLOWING INFORMATION WAS ACCESSED
20. Because of Defendant’s Data Breach, at least the following types of PII/PHI were
compromised:
a. Date of birth;
b. Social Security number;
c. Financial account or payment card information with access code;
d. Login credentials;
e. Tax information;
f. Military identification number;
g. Medical treatment;
h. History, or diagnosis information;
i. Health insurance information;
j. Biometric information;
k. Driver’s license or state issued identification number; and
l. Passport number, and/or license plate number
21. Currently, the precise number of persons injured is unclear. But upon information
and belief, the size of the putative Class can be ascertained from information in Defendant’s
custody and control. And upon information and belief, the putative Class includes thousands of
members—as it includes its employees/consumers.
AND 6 MONTHS LATER THE FUND IS ADVISING PARTICIPANTS TO MONITOR THEIR CREDIT REPORTS !!! PRICELESS
I WONDER HOW THIS WILL PUT A DAMPER ON CASH MCCARRONS MERGER PLANS
Another fine example of the lack of leadership at the top. No Show is at it again. Just pretend it didn't happen and deny it like everything else.
ReplyDeleteThis will only enhance McCarron’s take over claim as it shows total incompetence and complete lack of ability to lawfully safe guard confidential member information. Add this to the job recovery/ MOF fund mismanagement and the lawsuits, etc. and McCarron has all justification he needs to dissolve this council. It also should be noted that legitimate justification for a council dissolution was never needed in the past.
ReplyDeleteAgreed that this will be used as justification for Cash McCarrons already declared intentions. But this could blow up into something much bigger then just getting hacked because they sat on it for 6 months and they did not inform anybody. I would think any court would force them to pay for any financial losses incurred over the 6 months because fund participants were not advised to take immediate action to monitor their finances.Since August I have been getting 15-20 scam calls a day minimum wanting to loan me a million dollars. If the liability is big enough will McCarron want to put that on the NYC and Eastern Atlantic funds and more important would the PBGC let him
DeleteThose boobs are required to immediately notify the affected members of the data breach, six months is not immediate.
DeleteOn top of that every data breach I’ve been subject to has included credit monitoring for at least a year at no charge. Have affected members been offered any such free credit monitoring protection?
After six months and they have made no announcement as to how the breach happened?? How does any member no of there data is still at risk??
Prepared to be dissolved….
Total lack of transparency. God forbid the members are informed about their financial securities. Gross misconduct from the top and all of the trustees.
ReplyDeleteAlso an ERISA Fiduciary Breach charge with the EBSA for not informing fund participants
DeleteSix months without an announcement to all those affected?? Not acceptable or permissible under the law.
DeleteNo why the wait?? I’d bet one or all of the followings answers could apply:
1) The incompetent and over priced IT firm took too long to catch the breach,
2) The fund was notified by the IT department in a timely manner but the managers didn’t take action because it was a staffer or fund manager who got caught in a blatant fishing scheme,
3) The fund managers don’t want to admit that the fund password was and still is “Password” or “1234567890”
4) The fund managers thought the data breach was an “internal” issue in which the members didn’t need to know about.
Great work losers!!
What law firm represents the fund? And did they advise that sorry excuse for a EST not to tell the members
DeleteI’m sure they would’ve told the fund managers they had to notify the members asap once they found out about. But when were they told?? Not that it really matters. The fund managers are still on the hook regardless of what any law firm did or did not tell them to do.
DeleteYeah I just don’t understand why they didn’t tell the members thinking maybe it had some legal ramifications
DeleteThe legal ramifications are a consequence of NOT disclosing the breach.
DeleteNo one should expect turds to do any better than what a turd naturally does which is nothing.
So how does this affect the "merging" of the funds? If it goes through does the new fund assume the fallout of this security breach?
ReplyDeleteIt will have no effect whatsoever other than to provide more justification to merge the funds to protect the members from more incompetence.
DeleteThe reality is that the fund managers don’t care about data breaches, as long as those pay checks keep coming.