Genworth Financial faces a new lawsuit over allegations that it failed to protect customers' data from the MOVEit file transfer software breach, which may have exposed the personal information, including Social Security numbers, of about 2.5 million Genworth customers.
April Manar, a Missouri resident who is acting as the lead plaintiff, is seeking class-action status for the suit, which was filed Wednesday in the U.S. District Court for the Eastern District of Virginia. The complaint is available on Law.com Radar.
Manar is asking to represent a total of about 2.5 million people affected by the breach, including a class of Genworth customers in Missouri and a national class. A Genworth representative said the company does not comment on pending litigation. She has requested that the court award an unspecified amount of damages.
Progress Software, the company that sells the MOVEit software, emphasizes that it disclosed the vulnerability that led to the MOVEit hack and deployed a patch the same day.
The MOVEit Breach
MOVEit is a widely used system for moving big, important batches of data. Many life insurance and annuity issuers, defined benefit pension plans and defined contribution retirement plans have worked with a vendor that has used MOVEit in efforts to determine whether individuals with relationships with the companies are still alive.
Cl0p, a Russian hacking gang, used the MOVEit vulnerability to get access to financial services companies and tried to persuade companies to pay it to keep the data secure.
Cl0p seems to have published much or all of the data it stole on the dark web, in fragmented and difficult-to-use files, according to press reports.
Notices issued to date suggest that the breach may have affected the records of about 26 million U.S. insurance and retirement services clients. The breaches have affected about 49 million people throughout the world, according to KonBriefing Research.