May 2023 Cyberattack Triggers Class Action Against Corebridge Financial

New to ClassAction.org? Read our Newswire Disclaimer

Corebridge Financial faces a proposed class action lawsuit over a May 2023 data breach that reportedly exposed the personal information of approximately 798,000 individuals.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 54-page lawsuit says the financial services company announced on August 8, 2023 that it had been affected by a cyberattack that targeted MOVEit, a popular file transfer platform used to send and store large files.

According to the notice letter sent on Corebridge’s behalf, a third-party vendor the defendant partners with—Pension Benefit Information (PBI)—uses MOVEit in the normal course of business. As a result, the private information of Corebridge’s customers was compromised when an unauthorized actor gained access to PBI’s servers via a vulnerability in its MOVEit software between May 29 and 30 of this year, the suit describes.

Related Reading: 2023 MOVEit Data Breach Lawsuits

The notice relays that the exposed information may have included consumers’ names, Social Security numbers, policy or account numbers, dates of birth and addresses.

The case argues that as a result of the defendant’s insufficient cybersecurity and failure to handle customer data with “reasonable care,” the confidential information has been stolen by hackers, “likely posted on the dark web and exposed to an untold number of unauthorized individuals.”

Further, the complaint takes issue with Corebridge’s failure to promptly inform victims of the breach. The delayed notification prevented impacted individuals from taking early steps to mitigate the harm caused by the unauthorized disclosure of their information, the filing contends.

Based on the value of its customers’ sensitive data and the frequency of cyberattacks in the financial industry, the defendant was well aware it would make an “attractive target” for threat actors and “certainly knew the foreseeable risk of failing to implement adequate cybersecurity measures,” the lawsuit claims. Nevertheless, the company failed to safeguard the highly confidential information entrusted to it, the suit alleges.

The plaintiffs, residents of New Hampshire and California, respectively, received notice on August 8 informing them that their personal data had been compromised in the breach, the case says. Like other victims, the two men now face a heightened risk of identity theft, medical or tax fraud and other illegal schemes as a result of Corebridge’s alleged negligence, the complaint charges.

The lawsuit looks to represent anyone in the United States who had their private data submitted to Corebridge Financial or its affiliates and/or whose information was compromised as a result of the data breach experienced by the defendant in May 2023, including anyone who received a notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.