One of the main ERISA plans for our friends in Hollywood is allegedly at the center of a new cyber breach. The complaint in Gilbert v. AFTRA Retirement Fund sets forth a number of legal claims.
I would note, given some of the data-related ERISA noise making its way into the discourse, some of which comes out of the Vandy settlement agreement (particularly Section 10.9 thereof), that the complaint makes no ERISA allegations. Putting aside for the moment the question of whether that omission is a thoughtful one, I want to take this opportunity to log my own view that any suggestions that plan officials have somehow mishandled "plan assets" if and when data is misused are off-base. While there may or may not be fiduciary aspects to the way the plan is administered in respect of confidential data, I think that the assertion that the data itself is a plan asset is a bridge too far (sorry - needed a movie reference here), and would result in much analytical mischief. Just sayin' . . .