Regulation and Compliance Cybersecurity

MassMutual Annuity Unit Faces Federal MOVEit Data Breach Suit

News September 26, 2023 at 02:21 PM
Share & Print

An annuity owner is suing a subsidiary of Massachusetts Mutual Life Insurance Co. in connection with the MOVEit file transfer system data breach.

Joyce Pilotti-Iulo, a Nevada resident, is seeking class-action status for the suit, which names MassMutual Ascend Life Insurance Co. as a defendant along with Progress Software Corp. and PBI Research Services.

Pilotti-Iulo filed the suit in the U.S. District Court for the District of Massachusetts.

The MOVEit breach: MOVEit is a system that many organizations, including U.S. government agencies, use to move large batches of sensitive data.

Federal investigators say the MOVEit breach occurred in May, when Cl0p, a Russian hacking group, gained access to data stored on MOVEit servers.

KonBriefing Research has estimated that the breach may have affected more than 54 million individuals at more than 2,000 organizations around the world. The impact appears to be much smaller than the effects of some other well-known breaches, such as the Equifax credit bureau breach, which affected about 147 million U.S. consumers

The parties: MassMutual Ascend previously was known as Great American Life Insurance Co. MassMutual acquired the Cincinnati-based business from American Financial Group in 2021.

Progress Software is a Burlington, Massachusetts-based company that provides the MOVEit system.

PBI Research is a Minneapolis-based company that helps life insurers, annuity issuers, pension plans and other organizations determine whether customers are alive. PBI used MOVEit systems to move some of the data used in the death audit process.

MassMutual Ascend declined to comment, and represents for PBI could not immediately be reached for comment.

A spokesperson for the MOVEit program said, "We do not comment on pending litigation as our focus remains on working closely with customers so they can take the steps needed to further harden their environments, including applying the patches we have developed."

The suit: The Pilotti-Iulo suit appears to resemble many other MOVEit suits filed in federal district courts. The plaintiff argues that the defendants violated data protection standards and failed to protect personal data, such as customers' names and Social Security numbers, from the breach.

The plaintiff is asking for damages and for the defendants to improve their data security practices.

Looking ahead: The U.S. Judicial Panel on Multidistrict Litigation will hold a hearing Thursday in Lexington, Kentucky, on whether and how to handle MOVEit cases like the Pilotti-Iulo suit. Many of the parties want to see some, most or all federal cases consolidated in one court. Others want to see their cases considered separately, in the original court of jurisdiction.

Annuity Investing
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Lawsuit: Schwab, BofA Failed to Protect Older Couple Scammed Out of $18.5M Globe Life Reports Extortion Threat Involving Customer Data Banks Brace for Era of Consumer Data Sharing Fidelity Reports Data Breach Hitting 77,000 Clients Wells Fargo Client Sues Over Data Breach How Advisors Plan to Use Tech to Boost Growth: Schwab

Resource Center

Can Systematic Risk Be Reduced? link

Guide

Can Systematic Risk Be Reduced?

The Business Model Playbook: Mastering Technology for Firm Success link

Playbook

The Business Model Playbook: Mastering Technology for Firm Success

Harnessing AI to Power Advisor-Client Relationships link

White Paper

Harnessing AI to Power Advisor-Client Relationships