August 24, 2023 – Investigation Complete, Lawsuit Filed
Thank you to everyone who reached out about the Genworth Financial data breach. The investigation is now complete, and at least one lawsuit has been filed. You can read up on the case here.
Head over to this page to learn why you typically won't need to do anything to join a case like this.
Should updates become available, they will be posted to this page. In the meantime, you can find a list of ongoing investigations here, and you can have class action news sent to you directly by signing up for our free newsletter.
At A Glance
This Alert Affects:
Anyone who received a data breach notice letter from PBI on behalf of Genworth Financial or otherwise believes their personal information may have been exposed in a cyberattack affecting the life insurance company.
What’s Going On?
Genworth recently announced that a data breach targeting a widely used file transfer platform, MOVEit, has reportedly compromised files containing personal information belonging to an estimated 2.5 to 2.7 million life insurance policyholders and insurance agents. Attorneys working with ClassAction.org are now looking into whether a class action lawsuit can be filed on behalf of victims.
How Could a Lawsuit Help?
A class action lawsuit could potentially help impacted individuals get money back for any damages they experienced as a result of the data breach. It could also force Genworth and its third-party vendors to improve their data security practices.
What If I Didn't Get a Letter?
The letters should be received by August 15. If you have not gotten a letter and want to confirm whether your personal information was compromised, you can call Genworth at 888-436-9678.
Attorneys working with ClassAction.org want to hear from anyone whose data may have been compromised in a May 2023 data breach that impacted Genworth.
Specifically, they’re investigating whether a class action lawsuit can be filed against the life insurance company and others over a recent cyberattack involving MOVEit, a file transfer service used by PBI Research Services (PBI), a third-party vendor Genworth partners with.
In its online announcement of the incident, Genworth revealed that files accessed by cybercriminals during the data breach contained insurance policyholders’ and annuity customers' Social Security numbers, names, dates of birth, zip codes, states of residence and policy numbers. For insurance agents, the cyberattack reportedly exposed their agent IDs, names, dates of birth and addresses.
The attorneys have reason to believe that Genworth and its third-party partners may have failed to implement appropriate safeguards to keep customer information confidential. They’re now looking to file a class action lawsuit to hold the companies accountable and help compensate victims for any harm they’ve suffered, such as identity theft or fraud.
Consumers should receive their letters by August 15. If you have not gotten a letter and want to confirm whether your personal information was compromised, you can call Genworth at 888-436-9678.
Genworth Data Breach: Why Did I Get a Letter?
Genworth Financial, a Virginia-based company that offers long-term care, mortgage and life insurance, notified the U.S. Securities and Exchange Commission on June 22 that the MOVEit file transfer system security event experienced by PBI had impacted approximately 2.5 to 2.7 million of its policyholders and other customers.
Per Genworth’s online notice, those affected by the breach should expect to receive a letter in the coming weeks. The document will also provide instructions on how victims can access credit monitoring services and identity theft protection, the company says.
According to a proposed class action filed against the operators of MOVEit, Ipswitch and Progress Software Corporation, the “massive” cyberattack has impacted “several hundred” companies and federal and state agencies that use the platform to share sensitive data.
The actor reportedly responsible for the breach, a ransomware group called Clop, first gained access to the MOVEit transfer servers on May 27 after exploiting a vulnerability in the platform's software, BankInfoSecurity.com reports. DataEconomy.com says that in mid-June, the Russian-linked hacker group began listing impacted organizations on its dark web leak site and threatening to post batches of data if they failed to meet its ransom demands.
As of June 23, PBI has not been listed on Clop’s website, BleepingComputer.com reports. “While this could mean that the company is negotiating with the threat actors not to release data, it could also mean that Clop has not begun extorting the organization yet,” the cybersecurity news site says.
How Could a Lawsuit Help Data Breach Victims?
If successful, a lawsuit could provide compensation for:
The cost of obtaining credit reports, medical records and additional credit monitoring and identity theft protection services
Loss of time spent dealing with the effects of the breach
Loss of privacy
Damage to credit
A lawsuit could also force Genworth and its vendors to implement stronger data security practices to protect customer information from future attacks.