If you received a letter in the mail from a Portland-based accounting firm you’ve never actually done business with, you aren't alone. Over 1.1 million people found themselves in that exact boat. It’s confusing. It’s frustrating. Basically, the berry dunn class action lawsuit stems from a massive data breach that exposed some of the most sensitive information a person can own.
We're talking Social Security numbers, medical IDs, and even passport numbers.
The whole thing is a bit of a tangled web involving a high-end consulting firm, a third-party IT vendor, and a seven-month silence that left victims completely in the dark. Honestly, it’s a classic case of how modern data sharing can go sideways fast.
The $7.25 Million Reality Check
In early 2025, Berry, Dunn, McNeil & Parker (commonly known just as BerryDunn) agreed to shell out $7.25 million to settle the class action claims. This wasn't just a slap on the wrist. The lawsuit, consolidated as In re: Berry, Dunn, McNeil & Parker Data Security Incident Litigation in the U.S. District Court for the District of Maine, alleged that the firm was negligent.
They didn't protect the data. They didn't watch their vendors. And most importantly? They didn't tell anyone for a long time.
The settlement isn't an admission of guilt. Companies almost never admit they messed up in these deals. But the money is real. It’s designed to cover everything from $100 flat payments to massive $5,000 reimbursements for people who actually had their identities stolen or suffered financial hits.
What Went Wrong at Reliable Networks?
The breach didn't technically start inside BerryDunn's own office. It started at Reliable Networks of Maine, a managed service provider (MSP) that BerryDunn's Health Analytics Practice Group (HAPG) used to handle their systems.
✨ Don't miss: Syrian Dinar to Dollar: Why Everyone Gets the Name (and the Rate) Wrong
On September 14, 2023, Reliable Networks noticed something was "off."
Hackers had broken in.
They weren't just poking around; they were exporting data. Because BerryDunn handles analytics for state governments, healthcare providers, and insurance companies, the hackers hit a gold mine. Even if you never hired BerryDunn to do your taxes, your data might have been in their hands because your insurance company or the state Medicaid office used them for data crunching.
The Seven-Month Silence
Here is the part that really ticked people off. The breach was discovered in September 2023. But the notification letters? Those didn't start hitting mailboxes until April 2024.
Seven months.
For 210 days, over a million people had their Social Security numbers and medical histories floating around the dark web, and they had zero clue. The lawsuit argued that this delay was "particularly egregious." It's hard to protect your credit when you don't even know there's a hole in the fence.
🔗 Read more: New Zealand currency to AUD: Why the exchange rate is shifting in 2026
What Kind of Data Was Actually Taken?
The list is long and, frankly, pretty scary:
- Full names and current addresses
- Dates of birth
- Social Security numbers
- Health insurance policy numbers
- Medicare and Medicaid IDs
- Passport and State ID numbers
- Detailed medical information
Breaking Down the Settlement Tiers
The berry dunn class action lawsuit settlement isn't a one-size-fits-all situation. It’s split up based on how much the breach actually hurt you.
If you were part of the 1.1 million people affected, you generally fell into two camps. The first camp includes people who just want the "pro rata" cash payment. This was estimated at around $100, though that number shifts depending on how many people actually filed their claims before the May 2025 deadline.
The second camp is for the "extraordinary loss" claims. If you can prove—with receipts, bank statements, or police reports—that someone used your data to open a credit card or drain your savings, you could claim up to $5,000.
On top of the cash, everyone was offered three years of credit monitoring. In the world of data breaches, three years is actually pretty decent. Usually, you only get one.
Why This Matters for the Future of Data Privacy
This case highlights a massive "hidden" risk in the business world: the third-party vendor.
💡 You might also like: How Much Do Chick fil A Operators Make: What Most People Get Wrong
BerryDunn is a massive, reputable firm. But they trusted Reliable Networks. When that link in the chain broke, BerryDunn was the one left holding the bag (and the $7.25 million bill). Since the incident, BerryDunn has reportedly decommissioned the systems managed by Reliable Networks and moved everything to internal servers.
It’s a "too little, too late" move for many, but it shows that companies are finally realizing that outsourcing your IT doesn't mean you're outsourcing your liability.
Actionable Steps for Victims
If you were caught up in this, the window for the primary settlement claims closed in May 2025. However, the ripple effects of a breach this size last for years.
Freeze your credit. If you haven't done it yet, do it now. It’s free at Experian, Equifax, and TransUnion. It’s the only way to stop someone from opening a new loan in your name using that stolen Social Security number.
Check your "Explanation of Benefits" (EOB). Since medical IDs were stolen, "medical identity theft" is a huge risk. This is when someone uses your insurance to get surgery or drugs. If you see a doctor’s visit on your insurance statement that you never made, flag it immediately.
Watch for "Phishing" scams. Hackers now have your name, address, and where you get your healthcare. They will use this to send very convincing fake emails. If an email looks like it’s from your insurer asking for a "password reset," go directly to the official website instead of clicking the link.
The berry dunn class action lawsuit is a reminder that in 2026, your data is rarely just in one place. It’s everywhere. And when the companies we trust—even indirectly—fail to guard the gate, the burden of protection usually falls right back on us. Stay vigilant. Keep those credit freezes active.
Final approval for the settlement was granted in June 2025, and checks began rolling out shortly thereafter. If you missed the deadline, you likely can't get a piece of the $7.25 million now, but you can still use the credit monitoring services if you activated them in time. Don't let those services go to waste; they are often the first line of defense against the long-term fallout of a breach this size.