Amalgamated Meat Cutters Local 342 Health Care Fund Data Breach 2025: 56,615 Union Members and Dependents Exposed in Network Hack. Class-Action Investigations Open. What To Do.
Amalgamated Meat Cutters and Retail Food Store Employees Union Local 342 Health Care Fund (NY) filed a HIPAA breach notification with HHS OCR on June 26, 2025, after an unauthorized actor accessed its network between April 25 and April 28, 2025. A 56,615-person review concluded February 12, 2026; notification letters mailed March 9, 2026. Social Security numbers, driver's license numbers, medical records, health insurance information, financial accounts, passports, and taxpayer information were exposed. Multiple plaintiffs' firms have opened class-action investigations.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Apr 25, 2025
Unauthorized actor begins accessing files on the Local 342 network
Apr 28, 2025
Local 342 detects the intrusion; network secured, law enforcement notified, external cybersecurity experts engaged
Jun 26, 2025
HHS OCR breach report filed (56,615 affected; Network Server; Hacking/IT Incident)
Feb 12, 2026
Forensic data review of affected files completed
Mar 9, 2026
Individual notification letters mailed; filings submitted to Maine, Massachusetts, New Hampshire, and Vermont attorneys general
Mar 11, 2026
Plaintiffs' firms publicly open class-action investigations
Apr 25, 2025
Unauthorized actor begins accessing files on the Local 342 network
Apr 28, 2025
Local 342 detects the intrusion; network secured, law enforcement notified, external cybersecurity experts engaged
Jun 26, 2025
HHS OCR breach report filed (56,615 affected; Network Server; Hacking/IT Incident)
Feb 12, 2026
Forensic data review of affected files completed
Mar 9, 2026
Individual notification letters mailed; filings submitted to Maine, Massachusetts, New Hampshire, and Vermont attorneys general
Mar 11, 2026
Plaintiffs' firms publicly open class-action investigations
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Amalgamated Meat Cutters and Retail Food Store Employees Union Local 342 Health Care Fund, headquartered at 100 St. Mary’s Ave., Staten Island, NY 10305, is the multi-employer Taft-Hartley fund that delivers health benefits to UFCW Local 342 members across Long Island, New York City, the lower Hudson Valley, and New Jersey. The Fund filed a HIPAA breach notification with HHS OCR on June 26, 2025, reporting 56,615 affected individuals in a Hacking/IT Incident at a Network Server. The Fund did not begin notifying affected individuals until March 9, 2026, roughly 10 months after the intrusion was detected.
Timeline
- April 25, 2025. An unauthorized external actor begins accessing files on the Local 342 network.
- April 28, 2025. Local 342 detects the intrusion, secures the network, notifies law enforcement, and engages external cybersecurity experts.
- June 26, 2025. HHS OCR breach report filed: 56,615 affected, Network Server, Hacking/IT Incident.
- February 12, 2026. Forensic review of the affected files concludes. Identity-verification and address-lookup work begins for individual notice.
- March 9, 2026. Notification letters mailed to affected individuals. Concurrent filings made with the Maine, Massachusetts, New Hampshire, and Vermont attorneys general.
- March 11 to 12, 2026. Multiple plaintiffs’ firms publicly open class-action investigations.
What was exposed
The Maine Attorney General notice and the Fund’s substitute notice (summarized by ClassAction.org, ClaimDepot, and the firms investigating litigation) list the following data elements:
- Full name
- Date of birth
- Social Security number
- Driver’s license number or state ID number
- Passport number
- Financial account information
- Taxpayer information
- Health insurance information
- Medical records
This is a near-complete identity-theft kit paired with HIPAA-regulated health data. Your individual notification letter will identify the exact subset of elements that applied to your record.
Who is notifying you, and why
Local 342 Health Care Fund is the HIPAA covered entity in this breach, not the union local itself. The Fund is a multi-employer health and welfare plan governed by a Board of Trustees. It administers medical, prescription, dental, and related benefits for UFCW Local 342 members and their eligible dependents.
If you are a current or former Local 342 member, or a covered spouse, child, or other dependent enrolled in the Fund’s plan during the affected period, you are the population the Fund is writing to. Notices were sent by U.S. Mail to the address the Fund has on file. A toll-free response line was established at 833-518-0169, and the Fund posted its breach notice on its own website at local342update.com.
The Fund is offering complimentary credit monitoring and identity-theft protection, with a 90-day enrollment window using the unique code printed in each notification letter. The entity’s own notice specifies that credit monitoring is provided to individuals whose Social Security number was among the exposed elements. If your notification letter does not list an SSN, contact the response line to confirm eligibility. Attorney general filings confirm 105 Massachusetts residents, 30 Maine residents, and 15 New Hampshire residents are among those notified.
Because the Fund is a Taft-Hartley plan, both active members and retirees who carried benefits through Local 342 should expect to be in scope. Dependents covered under a member’s plan are independently in scope and may receive their own letter if the Fund has separate address data on file.
Class-action posture
As of early June 2026, no consolidated complaint has been publicly docketed, but at least six plaintiffs’ firms have opened investigations and are signing up affected individuals: Edelson Lechtzin LLP, Lynch Carpenter LLP, Strauss Borrelli PLLC, Federman & Sherwood, Finkelstein, Blankinship, Frei-Pearson & Garber LLP, and Shamis & Gentile P.A.. The roughly 10-month gap between detection and individual notice, combined with the breadth of exposed data (SSN plus passport plus medical records), is the kind of fact pattern that typically drives negligence and breach-of-fiduciary-duty claims against multi-employer health funds. This page will be updated when a complaint is filed.
What to do
- Read your notification letter carefully. It will list the exact data elements that applied to your record and include the credit-monitoring enrollment code. Enroll within the 90-day window so coverage starts.
- Place free credit freezes at Equifax, Experian, and TransUnion. SSN exposure is confirmed, so a freeze is the highest-leverage step you can take.
- File IRS Form 14039 if you have any reason to suspect tax-related identity theft. Taxpayer information is among the confirmed exposed categories.
- If your passport number was listed, consider requesting a new passport book number through the U.S. State Department. Driver’s license numbers can be flagged with your state DMV.
- Watch your health-plan EOBs for claims you did not receive. Medical-records exposure raises the risk of medical identity theft and false-claim activity against your benefits.
- If you want to stop the ongoing flow of your data to plan administrators, vendors, and downstream business associates, HealthConsent files HIPAA restriction requests against the covered entity and its known business associates.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filed June 26, 2025; 56,615 affected; Network Server; Hacking/IT Incident).
- Maine Attorney General breach notice — entity identification, affected counts, monitoring offering.
- ClassAction.org — UFCW Local 342 Data Breach — timeline, exposed data elements, investigation status.
- ClaimDepot — UFCW Local 342 Data Breach Affects 56,615 Members — response measures, toll-free number, enrollment window.
- Strauss Borrelli PLLC investigation — class-action investigation announcement and exposed-data listing.
- Federman & Sherwood investigation — class-action investigation announcement.
- Edelson Lechtzin LLP investigation (PR Newswire) — class-action investigation announcement.
- UFCW Local 342 — Notice of Data Security Incident — entity’s own breach notice; confirms exposed data categories, credit monitoring eligibility (SSN-impacted individuals), and response line.
- Lynch Carpenter LLP — UFCW Local 342 investigation (GlobeNewswire) — class-action investigation announcement, PHI categories confirmed.
- Massachusetts Attorney General — March 2026 data breach notices (filing 2026-352) — confirms MA AG filing; 105 Massachusetts residents affected.
- ClaimDepot — UFCW Local 342 Data Breach Investigation (Shamis & Gentile) — state-level resident breakdown; Shamis & Gentile investigation.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Maine Attorney General — Local 342 / Amalgamated Meat Cutters Health Care Fund breach notice
- ClassAction.org — UFCW Local 342 Data Breach Affects 56K, Exposing SSNs
- ClaimDepot — UFCW Local 342 Data Breach Affects 56,615 Members
- Strauss Borrelli PLLC — UFCW Local 342 Data Breach Investigation
- Federman & Sherwood — UFCW Local 342 Data Breach Investigation
- Edelson Lechtzin LLP — Data Breach Alert (PR Newswire)
- UFCW Local 342 — Notice of Data Security Incident (entity's own domain)
- Lynch Carpenter LLP — UFCW Local 342 Data Breach Claims Investigated (GlobeNewswire)
- Massachusetts Attorney General — UFCW Local 342 Data Breach Notice (filing 2026-352)
- ClaimDepot — UFCW Local 342 Data Breach Investigation (Shamis & Gentile)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.