Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor
The rear view of a person in a hoodie, working on a computer. (Photo: Shutterstock)

Life Health > Annuities

Genworth Sued Over Personal Data Exposed in MOVEit Hack

By Allison Bell

X
Your article was successfully shared with the contacts you provided.

Genworth Financial faces a new lawsuit over allegations that it failed to protect customers’ data from the MOVEit file transfer software breach, which may have exposed the personal information, including Social Security numbers, of about 2.5 million Genworth customers.

April Manar, a Missouri resident who is acting as the lead plaintiff, is seeking class-action status for the suit, which was filed Wednesday in the U.S. District Court for the Eastern District of Virginia. The complaint is available on Law.com Radar.

Manar is asking to represent a total of about 2.5 million people affected by the breach, including a class of Genworth customers in Missouri and a national class. A Genworth representative said the company does not comment on pending litigation. She has requested that the court award an unspecified amount of damages.

Progress Software, the company that sells the MOVEit software, emphasizes that it disclosed the vulnerability that led to the MOVEit hack and deployed a patch the same day.

See: The MOVEit Hack Has Hit These Financial Firms So Far

The MOVEit Breach

MOVEit is a widely used system for moving big, important batches of data. Many life insurance and annuity issuers, defined benefit pension plans and defined contribution retirement plans have worked with a vendor that has used MOVEit in efforts to determine whether individuals with relationships with the companies are still alive.

Cl0p, a Russian hacking gang, used the MOVEit vulnerability to get access to financial services companies and tried to persuade companies to pay it to keep the data secure.

Cl0p seems to have published much or all of the data it stole on the dark web, in fragmented and difficult-to-use files, according to press reports.

Notices issued to date suggest that the breach may have affected the records of about 26 million U.S. insurance and retirement services clients. The breaches have affected about 49 million people throughout the world, according to KonBriefing Research.

The Cl0p MOVEit breach appears to be smaller than some other high-profile financial services sector breaches.

In 2017, for example, a data breach at Equifax, a big credit bureau, exposed the personal financial data of about 147 million U.S. consumers. Equifax settled with the affected customers for $1.4 billion, or about $1,000 per affected customer.

The Manar Suit

The Manar suit was brought by a legal team that includes lawyers from Harty Jewell of Yorktown; Virginia McShane & Brady of Kansas City, Missouri; and Zinns Law of Atlanta.

Plaintiffs have filed dozens of other federal court suits against financial services companies involved in the MOVEit breach, including Genworth itself and TD Ameritrade.

The U.S. Judicial Panel on Multidistrict Litigation will hear arguments Sept. 28 in Lexington, Kentucky, on whether and how to consolidate some or all of the federal MOVEit litigation, including the Manar suit.

The Manar complaint focuses more than many other MOVEit breach complaints on the problems faced by people who have lost control over their Social Security numbers.

“It is no easy task to change or cancel a stolen Social Security number,” the complaint reads. “An individual cannot obtain a new Social Security number without significant paperwork and evidence of actual misuse. In other words, preventive action to defend against the possibility of misuse of a Social Security number is not permitted; an individual must show evidence of actual, ongoing fraud activity to obtain a new number.”

Even if an individual gets a new Social Security number, credit bureaus may still link a client’s new records to records of old transactions made by the criminals who used the old Social Security number, according to the complaint.

Credit: Shutterstock

Allison Bell

Think_Allison

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.