PlanMember Securities Corporation targeted by cyber thieves • LegalScoops

Affected California consumers receive data breach notifications

On April 15, 2022, PlanMember Securities Corporation (“PlanMember”) reported a data breach to the California Attorney General’s office. According to PlanMember, on February 17, 2022, criminal actors illegally gained access to a corporate executive’s email account and impersonated him, attempting to steal funds.

In the corrupted email account were documents containing personal information about the customer. PlanMember only discovered the security flaw on March 15 and does not know which particular documents the cyber thieves accessed from the hacked email account. The personal data of more than 70,000 people is at risk.

Personal information of the participant at risk:

  • Names
  • Social security numbers
  • Participant account numbers

PlanMember offers 12 months of free access to Experian IdentityWorks. There is a deadline for registration.

The full text of the Data Breach Notice for Plan Members is available here.

PlanMember Securities is part of a family of companies that includes PlanMember Financial Corporation, PlanMember Services Corporation and PlanMember Asset Management Corporation.

Headquartered in Carpenteria, California, PlanMember provides investment and retirement planning services nationwide.

Special California Laws Protect You

California has laws that specifically protect your personal information.

  • the California Customer Records Act (CCRA) requires businesses to implement and maintain reasonable security procedures and practices to protect consumers’ personal information. Companies must also notify affected California consumers promptly and without unreasonable delay.
  • the California Consumer Privacy Act (CCPA) contains numerous protections for the personal information of California residents, including implementing and maintaining reasonable security procedures.

If certain types of personal information, such as social security numbers and names, are not encrypted and are accessed, stolen, or hacked because a company has failed to meet its obligation to implement and maintain security reasonable, an affected California resident may file a lawsuit to protect their rights under the CCPA and the CCRA. Medical information is also covered by the CMIA.

If you are a California resident and have received a recent notice of data breach from PlanMember, you may be entitled to between $100 and $750 or your actual damages, whichever is greater. Participants in Data Breach Lawsuits May Obtain Damages, an injunction (to ensure that the company has reasonable security practices in place to prevent further disclosure of consumer data) and any other action deemed necessary by the court to compensate data breach victims and prevent that this damage does not reoccur.

For more information on your options Fill out the form below or call 1-844-BREACH8 (844-273-2248).

Electronic personal data does not degrade, one year of identity theft services offered by PlanMember may not be enough

Identity theft is on the rise. For example, in Washington State, residents received 6.3 million data breach notices, the highest number ever.[1] In 2021, there were over 50 million compromised personal records nationwide; the T-Mobile data breach alone affecting 6 million consumers. Even Equifax and Experian, which offer credit monitoring services, suffered massive data breaches, affecting more than 150 million people.

Cybercrimes are an attractive target for hackers: data can be bought and sold anonymously, and the going rate per personal record is low (less than $20 per record, depending on the type of information according to the Privacy Affairs Dark 2021 Web Index). Some types of critical personal information — like social security numbers, names, and birth dates — are nearly impossible to change. Thieves can choose to wait years before capitalizing on compromised personal data. The longer cyber thieves can go unnoticed, the more they profit from their illegal activities.

Not all data breaches lead to identity theft. But once you know your data has been leaked, it is reasonable to fear that your data could be used to cause you significant financial loss. Compromised data also increases the risk of hacking, phishing, and increased anxiety about future loss and identity theft.

Companies should be held accountable for data breaches

Many companies accumulate massive amounts of personal consumer data and retain that data indefinitely for future profit. When companies use this strategy, it is their responsibility to protect your personal information from cybercriminals. When companies decide to collect and maintain personal data about California customers, under California law they assume the obligation to protect this information and to protect it from hackers, thieves and other criminals.

This personal data is extremely valuable, both for companies and for criminals who want to sell this information on the dark web to identity thieves and other black marketers. However, “it is clear that many organizations need to hone their security skills, training, practices and procedures to properly protect consumers.”[2] The stakes are high: data breach victims are more likely to also be victims of further fraud.[3]

We can help you exercise your legal rights

Experimented data breach and class action lawyers can help you exercise your rights, assess your options and decide if you are entitled to compensation under the CCPA and the CCRA. There are no disbursements to you, as we only get paid if we win.

For more information on your options, please complete the following form.

Confidential • Free of charge • No obligation

[1] Source: B. Ferguson, Attorney General, Washington State Attorney General’s Office, 2021 Data Breach Report (2021).

[2] Source: K. Harris, Former Attorney General, California DOJ, California Data Breach Report 2012-2015 (2016).

[3] Same

Avril Strauss, Esq.

April M. Strauss, JD, CIPP/US, CIPP/E, CIPM, is an attorney with thirty years of litigation experience, focusing on consumer class actions and data privacy. For more information, please visit

Luisa D. Fuller