Prudential Sued Over MOVEit Hack

Digital lock/cybersecurity concept

What You Need to Know

The plaintiff, Bruce Parker, hopes to represent a nationwide class.
Parker says the offer of 24 months of free Kroll credit monitoring is not enough.
He estimates that credit monitoring will cost an individual about $200 per year.

Prudential Financial is being sued over the MOVEit file transfer system breach by a plaintiff who thinks affected customers should get 10 years of free credit monitoring.

Prudential, like many of the affected financial services companies, has offered the 320,840 customers believed to be affected by the breach two years of free credit monitoring services from Kroll.

Bruce Parker, a California who is asking to represent a class consisting of most of the affected customers, says Prudential should provide 10 years of free credit monitoring services.

Representatives for Prudential were not immediately available to comment on the suit, which was filed this month in the U.S. District Court for New Jersey. The complaint is available on Law.com Radar.

What It Means

One effect of the MOVEit breach could be increased public discussion about the kind of credit monitoring services data breach clients should get.

The Breach

Cybersecurity specialists say Cl0P, a hacking gang, implemented the breach by exploiting a weakness in MOVEit, a file transfer system, provided by Progress Software, that’s popular with organizations that need to move large amounts of sensitive data.

Progress Software has emphasized that it discovered the vulnerability May 31 and patched it the same day.

The attack affected many financial services organizations partly because PBI Research Services, a leading provider of death audit services, used MOVEit to help providers and administrators of life insurance, annuities and retirement plans determine whether customers are alive.

See also  Here's What Could Tip Us Into the Next Financial Crisis

Life, annuity and retirement services providers have filed more than 40 breach notices with state regulators and the Securities and Exchange Commission. Notices filed so far that include estimates of the number of people affected suggest that Cl0P may have stolen the records of more than 25 million people.

The Parker Suit

The Parker suit was brought by attorneys with Milberg Coleman, Shamis & Gentile and Kopelowitz Ostrow.