Skip to main content

You are here


New York Life Clients Latest Victims of Massive MOVEit Data Breach


Almost 26,000 New York Life customers had their names and Social Security numbers exposed to a data breach, the latest in a massive hack that affected hundreds of companies and millions of Americans.

The hack occurred in late May and involved Progress Software, the provider of MOVEit transfer software. MOVEit is used to transfer client data securely.

On May 31, the software provider disclosed a vulnerability that had been exploited by an unauthorized third party. The company said it issued a patch the same day, launched an investigation and performed a manual review of its records to confirm the identities of the clients that were involved.

New York Life said it will provide two months of Kroll Identity Monitoring services.

"The affected individual will receive alerts when there are changes to their credit data—for instance when a new line of credit is applied for in their name," according to a data breach notification filed in Maine. "They will also have unlimited access to consultation with a Kroll fraud specialist. Support includes showing them the most effective ways to protect their identity, explaining their rights and protections under the law, assistance with fraud alerts, and interpreting how personal information is accessed and used, including investigating suspicious activity that could be tied to an identity theft event."

If the individual becomes a victim of identity theft, a Kroll licensed investigator will work on their behalf to resolve any issues.

A number of financial services firms and state pension funds were targeted by ransomware hackers, known as Cl0P, including CalPERS, Charles Schwab, and Fidelity Investments.

A retired teacher has filed a class-action lawsuit against one affected company, TIAA, as a result of the breach. The case, Jentz vs. Teachers Insurance and Annuity Association of America, No. 1:23-cv-06944, accuses the company of failing to protect her personal data by not encrypting the files before transferring them.

At the PSCA National Congerence in May, EBSA Assistant Secretary Lisa M. Gomez emphasized the importantce of  cyber liability Insurance, saying it's "definitely" something companies should have.