Fidelity, BofA, Others Face New Lawsuit Over MOVEit Data Breach

InsuNews September 14, 2023
Circuit cyberspace design created with Generative Ai technology

What You Need to Know

The MOVEit cyberattack on a file transfer tool affected hundreds of firms and millions of consumers.
The suit alleges defendants were negligent in maintaining consumers’ personal data.

Fidelity Investments, Bank of America, Corebridge Financial and others failed to properly secure and safeguard consumers’ private information, according to a new lawsuit arising from the massive MOVEit software data breach.

Plaintiff Frank W. Cooper, in a proposed class-action complaint filed Sept. 7 in U.S. District Court in Massachusetts, also sued F&G Annuities & Life and two other companies affected by the breach: Pension Benefit Information, which does business as PBI Research Services, and MOVEit owner Progress Software Corp.

The hack, which occurred in late May, touched hundreds of companies, including numerous financial services firms, and tens of millions of consumers worldwide, subsequently spawning multiple lawsuits.

The breach occurred when a Russian ransomware gang exploited a weakness in MOVEit, a Progress Software tool that numerous organizations use to transfer files containing sensitive data.

The attack reached many companies through PBI Research Services, which has said it uses MOVEit to help financial firms determine whether account holders are alive and find beneficiaries. PBI was one of the companies whose data the gang accessed and stole, including personal data belonging to Cooper and millions of others, the suit says.

Fidelity Investments Institutional Operations, Bank of America, Corebridge and F&G Annuities & Life entrusted tens of thousands of consumers’ personally identifiable information, including Cooper’s, to PBI and Progress Software, according to the complaint. This included names, addresses, birth dates, phone numbers and Social Security numbers, the lawsuit says.

See also  ChatGPT Use Will Become an Industry Trend: Brian McLaughlin

PBI controlled Cooper’s personal data because it processes information for his retirement and annuity plans, according to the suit. In July, PBI informed Cooper and other Fidelity customers about the data breach involving MOVEit’s software, the complaint notes.

PBI notified these customers that it provides audit and address-research services for Fidelity Investments, which provides administrative services for retirement plans at Bank of America, where Cooper previously worked.

In Bank of America’s role as Cooper’s pension plan sponsor, the company provided his personal data to Fidelity and PBI, according to the complaint, which highlights the network of corporate connections that allowed the hack to reach so many organizations and consumers.

Cooper also as a deferred fixed annuity with F&G and a fixed annuity contract with Corebridge Financial, according to the suit.

More Stories

Life Insurance Exclusions – What’s Not Covered By Life Insurance Policies?

What is a Loan Clause When Buying a Home in Ireland?

InsuNews November 22, 2024

Term life insurance for children? Nobody seems to have this for any sort of reasonable coverage amount

InsuNews November 22, 2024
/contrib/content/uploads/sites/415/2024/07/Donald_Trump_2024_BB_640x640.jpg

Trump Seeks Perfect Treasury Candidate as Search Drags On

InsuNews November 21, 2024

You may have missed

2025 Aprilia Tuono 457

2025 Aprilia Tuono 457 released

InsuNews November 23, 2024
cyber insurance

Understanding the importance of cyber insurance in the digital age

InsuNews November 23, 2024
What Is Rideshare Insurance?

What Is Rideshare Insurance?

InsuNews November 22, 2024
price-pressure-reinsurance-retro-ils-ilw

With excess capital in the system, property cat rates could trend down at 1/1: Morgan Stanley

InsuNews November 22, 2024

Crap insurance vs. no insurance

InsuNews November 22, 2024