The Mystic Valley Elder Services based in Malden, Massachusetts decided to pay $520,000 to resolve a combined class action litigation associated with a data breach in April 5, 2024. Unauthorized individuals accessed the system of Mystic Valley Elder Services and possibly stole the names, birth dates, passport numbers, payment card numbers, financial account details, online credentials, taxpayer ID numbers, driver’s license numbers, Social Security numbers, medical insurance data, and health data of over 89,600 individuals.
In response to the data breach, Mystic Valley Elder Services faced five class action lawsuits, which were consolidated in the Middlesex County Superior Court in Massachusetts. The In re Mystic Valley Elder Services Inc. lawsuit claimed that the data breach happened due to cybersecurity issues. Mystic Valley Elder Services did not identify the unauthorized activity promptly, and failed to send prompt notices to the victims, who only knew about the incident after 6 months.
The lawsuit claims include negligence, breach of fiduciary duty, unjust enrichment, breach of implied contract, and violation of the Massachusetts Consumer Protection Act. The plaintiffs wanted injunctive relief, which includes a court order disallowing the transmission of sensitive information through unencrypted email, saving protected health information (PHI) in email accounts, and demanding the implementation of many security procedures to protect the privacy and security of patient information. Mystic Valley Elder Services does not admit to any liability or wrongdoing.
Although the lawsuit wanted a jury trial, after a mediation, the parties involved decided to settle the lawsuit to avoid the burden of expenses, time, and uncertainty of a trial and associated appeals. Mystic Valley Elder Services will create a settlement fund to pay for attorneys’ fees and expenditures, settlement management and notification fees, and class representatives’ service awards. What is left of the settlement fund will be used to pay class members’ benefits.
Class members could file a claim to pro rata cash payment, approximated to be roughly $75 per class member. They can also file a claim for compensation of documented, unreimbursed losses because of the data breach, up to $5,000 for each class member. Claims should be filed on or before February 9, 2026. The settlement will also provide credit monitoring and identity theft protection services for two years. The schedule of the final fairness hearing is February 17, 2026.