Back

Liberty Mutual Faces Class Action Over Ransomware Data Breach Exposing Customer Data

Severity: High (Score: 63.0)

Sources: Topclassactions, Al

Published: 2026-05-19 · Updated: 2026-05-20

Keywords: class, action, liberty, mutual, information, insurance, lawsuit

Summary

Liberty Mutual Insurance is facing a class action lawsuit due to a ransomware attack that exposed sensitive information of over 15,000 policyholders. The plaintiffs allege that the criminal group Everest accessed and may post their personally identifiable information and protected health information on the dark web. They claim that Liberty Mutual failed to encrypt or redact this sensitive data, leading to negligence and various legal violations. The lawsuit seeks to represent a nationwide class and a Massachusetts subclass of affected consumers. Plaintiffs have reported experiencing identity theft and fraud following the breach. The case is filed in the U.S. District Court for the District of Massachusetts, with plaintiffs demanding a jury trial and various forms of damages. Key Points: • Liberty Mutual is accused of failing to protect sensitive customer data during a ransomware attack. • The ransomware group Everest is linked to the breach, with data potentially exposed on the dark web. • Plaintiffs report identity theft and fraud incidents following the data breach.

Detailed Analysis

**Impact** More than 15,000 Liberty Mutual policyholders had their personally identifiable information (PII) and protected health information (PHI) exposed in a ransomware attack. The affected individuals include a nationwide class and a Massachusetts subclass of consumers. The breach has led to reported incidents of identity theft, fraud, spam, scam, and phishing attempts, as well as fraudulent financial charges. Liberty Mutual faces legal claims including negligence, breach of implied contract, invasion of privacy, and violations of consumer protection laws. **Technical Details** The attack was carried out by a criminal ransomware group known as Everest, which exfiltrated sensitive data and posted it on a dark web leak site. The plaintiffs allege Liberty Mutual failed to encrypt or redact the compromised data. No specific malware variants, CVEs, or detailed attack vectors were disclosed in the articles. Infrastructure details and kill chain stages remain unspecified. **Recommended Response** Organizations should monitor for indicators of compromise related to the Everest ransomware group and review exposure of sensitive data on dark web platforms. Immediate actions include verifying encryption and data protection controls for sensitive customer information and enhancing phishing and fraud detection capabilities. No specific patches or IOCs were provided; defenders should focus on monitoring for unauthorized data exfiltration and suspicious access patterns.

Source articles (3)

  • Liberty Mutual class action claims ransomware attack exposed customer data — Topclassactions · 2026-05-19
    Liberty Mutual Insurance is facing a class action lawsuit alleging it failed to safeguard sensitive information belonging to more than 15,000 policyholders that was exposed in a recent ransomware atta…
  • Major insurance company faces class action lawsuit after hackers posted health information online — Al · 2026-05-19
    Liberty Mutual is being sued in a class action alleging it failed to safeguard the personal information of thousands of policyholders during a recent data breach. Plaintiffs claim Liberty Mutual faile…
  • Major insurance company faces class action lawsuit after hackers posted health information online — Al · 2026-05-19
    Liberty Mutual is being sued in a class action alleging it failed to safeguard the personal information of thousands of policyholders during a recent data breach. Plaintiffs claim Liberty Mutual faile…

Timeline

  • 2026-05-19 — Class action lawsuit filed against Liberty Mutual: Plaintiffs allege negligence in protecting sensitive data after a ransomware attack by Everest, affecting over 15,000 policyholders.
  • 2026-05-19 — Details of the ransomware attack revealed: The plaintiffs claim that Everest added Liberty Mutual to its dark web leak site, exposing sensitive medical records and personal information.

Related entities

  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • Ransomware (Attack Type)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • Insurance (Industry)
  • T1566 - Phishing (Mitre Attack)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
  • Everest (Ransomware Group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed