Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor
Digital lock/cybersecurity concept

Life Health > Running Your Business

Prudential Sued Over MOVEit Hack

By Allison Bell

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • The plaintiff, Bruce Parker, hopes to represent a nationwide class.
  • Parker says the offer of 24 months of free Kroll credit monitoring is not enough.
  • He estimates that credit monitoring will cost an individual about $200 per year.

Prudential Financial is being sued over the MOVEit file transfer system breach by a plaintiff who thinks affected customers should get 10 years of free credit monitoring.

Prudential, like many of the affected financial services companies, has offered the 320,840 customers believed to be affected by the breach two years of free credit monitoring services from Kroll.

Bruce Parker, a California who is asking to represent a class consisting of most of the affected customers, says Prudential should provide 10 years of free credit monitoring services.

Representatives for Prudential were not immediately available to comment on the suit, which was filed this month in the U.S. District Court for New Jersey. The complaint is available on Law.com Radar.

What It Means

One effect of the MOVEit breach could be increased public discussion about the kind of credit monitoring services data breach clients should get.

The Breach

Cybersecurity specialists say Cl0P, a hacking gang, implemented the breach by exploiting a weakness in MOVEit, a file transfer system, provided by Progress Software, that’s popular with organizations that need to move large amounts of sensitive data.

Progress Software has emphasized that it discovered the vulnerability May 31 and patched it the same day.

The attack affected many financial services organizations partly because PBI Research Services, a leading provider of death audit services, used MOVEit to help providers and administrators of life insurance, annuities and retirement plans determine whether customers are alive.

Life, annuity and retirement services providers have filed more than 40 breach notices with state regulators and the Securities and Exchange Commission. Notices filed so far that include estimates of the number of people affected suggest that Cl0P may have stolen the records of more than 25 million people.

The Parker Suit

The Parker suit was brought by attorneys with Milberg Coleman, Shamis & Gentile and Kopelowitz Ostrow.

The complaint does not give any details about the nature of Parker’s relationship with Prudential, other than to say that he gave Prudential personally identifiable information.

The plaintiff alleges in the suit that Prudential failed to take enough precautions to protect the personally identifiable information affected by the breach and took too long to notify the affected customers.

The plaintiffs are asking the court to require Prudential to improve its data security efforts, provide restitution for affected customers, and provide an award of actual damages, compensatory damages, statutory damages, statutory penalties and attorneys’ fees and costs.

Plaintiffs have filed more than 40 federal suits in response to the MOVEit hack. The U.S. Judicial Panel on Multidistrict Litigation plans to hear arguments Sept. 28 in Lexington, Kentucky, on whether federal MOVEit breach litigation should be consolidated at one federal district court.

The Parker suit names Prudential as the sole defendant.

Some defendants in other single-defendant MOVEit suits, including Johns Hopkins, have opposed the idea of consolidating the suits filed against them with suits filed against other entities.

Credit Monitoring

The plaintiff contends in the complaint that the offer of 24 months of free Kroll credit monitoring and identity restoration services “is wholly inadequate.”

Identity theft monitoring costs about $200 per year, and, once the 24-month monitoring period expires, the affected class members will have to pay for monitoring services out of pocket, according to the complaint.

Credit: ImageDesign/Adobe Stock

Allison Bell

Think_Allison

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.