Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor
Judge with gavel

Regulation and Compliance > Litigation

Genworth Backs Consolidating Federal MOVEit Breach Suits in Massachusetts

By Allison Bell

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • Genworth says the Massachusetts federal court is efficient and is near the offices of the MOVEit system provider.
  • Johns Hopkins notes that some MOVEit suits name it as the only defendant.
  • In 2017, the federal courts ended up consolidating the Equifax breach litigation in Atlanta.

Genworth Financial is hoping the federal courts will consolidate the lawsuits resulting from the Cl0p ransomware attack on MOVEit file transfer software users in the U.S. District Court for Massachusetts.

Some other parties, including many of the plaintiffs, are supporting MOVEit case consolidation in other federal courts or arguing against the consolidation of the cases listing them as parties.

Related: TIAA Hit With Class-action Suit Over MOVEit Hack

The U.S. Judicial Panel on Multidistrict Litigation will hear arguments Sept. 28 in Lexington, Kentucky, on where the federal MOVEit breach litigation should go.

What It Means

The MOVEit breach litigation could be of keen interest to retirement services clients because early breach notice reports show life insurers and retirement services providers are already sending about 25 million breach notices to annuity owners, life insurance policy owners, retirement account owners, and other customers and clients.

The Cl0p Ransomware Attack

MOVEit is a file transfer system that has been around for decades and is popular with organizations that need to move large amounts of sensitive data.

The Federal Procurement Data System shows that NASA, the Army, the Veterans Affairs Department and other federal agencies and departments have already signed a dozen MOVEit purchase orders so far this year.

Cl0p, a Russian hacking group, found a way to hack MOVEit.

The hack had a big effect on the retirement services sector because PBI Research Services, a firm that helps providers determine whether customers are alive, relied heavily on MOVEit to manage the data used to perform death audit services.

More than 500 U.S. organizations have already reported being affected by the breach, and securities experts have suggested that the final count of the organizations affected could be much higher.

The U.S. Judicial Panel on Multidistrict Litigation

The U.S. Judicial Panel on Multidistrict Litigation (MDL panel), was established in 1968. It helps the federal civil courts manage situations in which similar suits are pending in two or more federal courts.

The current panel chair is U.S. District Court Judge Karen Caldwell, a judge in the Eastern District of Kentucky.

Consolidation Views

Genworth, a big life insurance, annuity and long-term care insurance provider, is listed as a defendant on several Cl0p-related suits partly because it used PBI Research Services to administer its insurance policies and annuity contracts and partly because it was one of the first big companies to send out breach notices.

The insurer said in a brief filed last week with the MDL panel that centralizing the cases would increase efficiency; that the Massachusetts court has skilled judges who are experienced with handling multidistrict litigation; and that the Massachusetts court is close to the office of Progress Software Corp., the company that sells the MOVEit system.

Genworth simply hired PBI Research Services, a vendor that used MOVEit, and it does not believe there is any basis for holding it liable for vulnerabilities in the software, according to the brief.

But, “if there is any wrongdoer here aside from the unauthorized third party who accessed MOVEit, it will be revealed through discovery and proceedings centered on the work and conduct of PSC and PBI,” Genworth told the court.

Johns Hopkins University and Johns Hopkins Health System, for example, are asking the MDL panel to keep the suits filed against it in Maryland, based partly on the argument that none of the plaintiffs that have sued it over the MOVEit breach have named PBI as a defendant.

The Equifax Breach

The MDL panel has handled waves of litigation related to big data breaches before.

In 2017, a data breach at Equifax, a big credit bureau, exposed the personal financial data of about 147 million U.S. consumers.

Equifax ended up facing more than 250 lawsuits and regulations. In 2017, the MDL panel decided to consolidate the federal Equifax litigation in Atlanta.

Equifax ended up settling with the consumers involved in the Atlanta litigation for about $1.4 billion, or about $1,000 per affected customer.

Credit: Shutterstock

Allison Bell

Think_Allison

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.