Affinity Legacy Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating Affinity Legacy, Inc. regarding its recent data breach. The Affinity Legacy data breach involved sensitive personal identifiable information and protected health information belonging to over 5,500 individuals.


Affinity Legacy is an insurance and healthcare administrator based in New York City. Founded in 1987, Affinity Legacy works with community health centers and other primary care practices to provide affordable healthcare coverage to underserved individuals and families. To that end, Affinity Legacy provides one-time grants to community-based organizations focused on mental health, food insecurity, workplace advancement, incarcerated individuals, and consumer healthcare education.2 Headquartered in the Bronx, New York, Affinity Legacy is dedicated to serving residents of Bronx, Kings, Nassau, New York, Orange, Queens, Richmond, Rockland, Suffolk, and Westchester counties.


Recently, Affinity Legacy was informed that one of its former third-party vendors, TMG Health (a Cognizant Technology Solutions company), experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. Through its investigation, TMG Health determined that an unauthorized actor may have accessed and acquired this sensitive information through a vulnerability in the MOVEit file sharing platform used by TMG Health between May 30, 2023, and June 2, 2023. Those affected were either former members of Affinity’s Medicare Advantage Plan prior to 2019 or members of an EmblemHealth Medicare Advantage Plan after 2019. As a result, Affinity Legacy mailed notices to all individuals whose information may have been impacted. The type of information potentially exposed includes:

  • Name
  • Social Security number
  • Date of birth
  • Address
  • Medical information (e.g., Medicare number and/or medical diagnosis codes)

If you received a breach notification letter from Affinity Legacy, Inc.:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the Affinity Legacy data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review the breach notice and retain a copy;
  2. Enroll in any free credit monitoring services provided by Affinity Legacy, Inc.;
  3. Change passwords and security questions for online accounts;
  4. Regularly review account statements for signs of fraud or unauthorized activity;
  5. Monitor credit reports for signs of identity theft; and
  6. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: