The Hidden Cost of Negligence: Lessons from the Arthur J. Gallagher $21M Data Breach Settlement

When a major insurance company like Arthur J. Gallagher & Co. suffers a data breach, the fallout can be far-reaching. In 2020, nearly 3.5 million people had their personal information exposed, and it took Gallagher almost a year to notify those affected. The company later agreed to a $21 million class action settlement, one of the more notable cases of its kind in recent years. 

The claim window has since closed, but the Gallagher breach remains a powerful example of the cost of corporate inaction and what businesses and consumers can learn from it. And if you’ve found yourself in a similar situation, a data breach lawyer can help you understand what steps to take and whether you may be eligible for compensation.

What happened in the Gallagher data breach?

Between June and September 2020, hackers accessed sensitive personal data stored by Arthur J. Gallagher & Co. and its affiliate, Gallagher Bassett Services. The exposed information included:

  • Social Security numbers
  • Medical and health records
  • Login credentials and passwords
  • Bank and credit card information
  • Biometric data (such as fingerprints)

Perhaps most troubling, Gallagher did not alert the public until almost a year later. That delay allowed more time for stolen data to be used and added to the damage suffered by victims.

Why this case matters

Class action attorney Christopher E. Roberts, who was involved in the case, noted that the Gallagher breach highlights a bigger issue: how frequent and serious data breaches have become.

“It highlights the importance of companies developing proper safeguards to protect consumers’ data,” he told Newsweek. Even major corporations with vast resources can fall short and face the consequences.

The Gallagher settlement also reminded consumers that they’re not powerless. Legal tools exist to hold companies accountable when data is mishandled. Knowing your rights is the first step toward protecting yourself.

What businesses can learn from the Gallagher case

The $21 million settlement served as a warning to companies everywhere about the real cost of neglecting data security. Here are some of the biggest takeaways:

Delays make everything worse

Gallagher didn’t notify victims until nearly a year after the breach occurred. That delay gave bad actors more time to misuse stolen data and left victims in the dark. The longer a company waits to act, the more damage can be done and the more likely legal consequences become.

Reputational harm is hard to undo

Even with a large settlement, Gallagher’s reputation took a hit. Consumers want to know that the businesses they trust with personal information will act quickly and transparently if something goes wrong. Rebuilding that trust takes time and significant resources.

Compliance isn’t enough without real safeguards

Companies that handle sensitive data, especially in healthcare, insurance, finance, or education, need real, ongoing investment in cybersecurity. This includes training staff, updating systems, and performing regular risk assessments.

Class actions are here to stay

As breaches become more common, so do class action lawsuits. This settlement confirms that courts are holding companies accountable for how they store and protect personal data. These lawsuits aren’t limited to major corporations. Any business can face them.

Transparency and planning reduce long-term costs

Companies that respond quickly, notify users promptly, and offer solutions, like credit monitoring or identity protection, often avoid the worst outcomes. A clear breach response plan isn’t optional anymore; it’s part of doing business in the digital age.

What consumers should keep in mind

Most of us share personal information with dozens of companies, like insurance providers, medical offices, banks, and many more. Even if you’re careful, your data can be at risk through no fault of your own.

That’s why it’s important to:

  • Pay attention to breach notices
  • Check your credit reports regularly
  • Use credit monitoring if it’s offered
  • Keep records in case you need to file a claim

If your data has ever been exposed in a breach and you’re not sure what to do after your personal information has been leaked, talking to a data breach attorney can help you understand whether legal action is available.

Protect your information and know your rights

When companies fail to protect sensitive information or respond too slowly to a breach, the damage ripples outward. For Gallagher, that meant $21 million in settlement costs, legal scrutiny, and long-term reputational fallout. For consumers, it meant months of uncertainty, the threat of identity theft, and the burden of monitoring their own accounts and credit reports. 

If you’ve been affected by a data breach, you don’t have to navigate it alone. The team at Mason LLP helps people take back control after their personal data has been exposed. To get started, contact us online today or call us at (202) 429-2290 for a personalized consultation.
