A Florida resident has filed a lawsuit against Cigna Group Inc. over a data breach that occurred more than a year ago but was not disclosed until November.
Already a Subscriber? Log in
Get Instant Access to This Article
Subscribe to Hartford Business Journal and get immediate access to all of our subscriber-only content and much more.
- Critical Hartford and Connecticut business news updated daily.
- Immediate access to all subscriber-only content on our website.
- Bi-weekly print or digital editions of our award-winning publication.
- Special bonus issues like the Hartford Book of Lists.
- Exclusive ticket prize draws for our in-person events.
Click here to purchase a paywall bypass link for this article.
A Florida resident has filed a lawsuit against Cigna Group Inc. over a data breach that occurred more than a year ago but was not disclosed until November.
The lawsuit was filed on Dec. 17 in U.S. District Court for the District of Connecticut by Oren Faircloth of the New York-based law firm Siri & Glimstead on behalf of plaintiff Karina Lopez, a Florida resident. It names Cigna Group as the lone defendant.
A Cigna spokesperson provided a comment from the company via email, stating, "We deny any wrongdoing and will vigorously defend our company in the litigation."
The lawsuit states that, based on information Cigna provided in a letter to consumers dated Nov. 25, 2025, the healthcare provider “became aware of a cyber security incident occurring between October 21, 2024, and January 13, 2025,” in which a “an unauthorized third party” gained access to the network of a vendor that provides “payment integrity and other back-office support services.”
Neither the lawsuit nor the Cigna letter identify the vendor affected by the data breach.
Cigna’s letter states that the vendor “immediately secured” its network “upon discovery of the incident on January 13, 2025.”
The letter to customers also states that the vendor used internal and external experts to conduct an investigation, and after the conclusion of that investigation, Cigna “discovered that your personal information was contained in the affected files.”
The letter adds that “we have no evidence that your information has been misused,” while also offering customers complimentary one-year credit monitoring services from Equifax.
The lawsuit notes that Cigna serves more than 170 million customers worldwide, and that the personal information potentially exposed in the data breach includes names, healthcare IDs, dates of service, treatment costs and claims numbers.
There are more than 100 potential class members and the potential financial impact of the breach “exceeds the sum or value of $5 million, exclusive of interest and costs,” the lawsuit states.
It accuses Cigna of failing to protect the private information of class members, and that members are at risk of “experiencing misuse of their private information” by cybercriminals.
The lawsuit seeks a jury trial, as well as “appropriate monetary relief that could include “actual damages, statutory damages, punitive damages, restitution, nominal damages and disgorgement,” as well as fees and costs.
Note: This article was updated to include a statement from Cigna.
