Liberty Mutual Called the Breach Fake. Now There’s a Class Action Lawsuit.

Insurance giant Liberty Mutual failed to protect the personal information of at least 15,630 customers after the Everest Group ransomware gang breached its systems in April 2024. The stolen data includes Social Security numbers, financial information, and health insurance details — all now circulating on criminal forums.

A federal class action lawsuit filed in May 2026 alleges the company was negligent in securing private information.

If you have a Liberty Mutual policy, your most sensitive personal data may be in the hands of cybercriminals right now.

The Everest Group ransomware gang claims to have stolen 108 gigabytes of Liberty Mutual data and published it on the dark web after the company refused to pay their extortion demands. The leaked information includes thousands of individual policy documents containing customer names, addresses, Social Security numbers, policy numbers, financial details, and insurance information.

The Breach Timeline Shows a Pattern of Poor Security

The April 2024 attack comes just months after New York State fined Liberty Mutual $2 million and ordered security improvements following multiple cyber incidents in 2020 and 2021.

Those earlier breaches exposed driver’s license numbers of approximately 50,000 New York residents through three different inadequately secured online quote tools.

Apparently, $2 million wasn’t enough of a wake-up call.

Liberty Mutual initially denied the breach, telling reporters in early May that a review found “no evidence of a compromise of internal systems” and pointing instead to “a third-party service provider who may be impacted.” But the Everest Group had already begun leaking customer documents proving the breach was real and extensive.

According to the ransomware gang’s public statements, “all the data was duplicated across various hacker forums and leak database sites,” meaning your information isn’t just with one criminal group, but potentially hundreds.

Insurance Companies Collect Everything but Protect Nothing

Here’s the incentive structure that makes this predictable: insurance companies demand vast amounts of personal data as a condition of coverage — your Social Security number, financial information, health records, driving history, home address, family details. They need this information to assess risk and set premiums.

But once they have your data, there’s no equivalent requirement to protect it proportionally. Liberty Mutual collects sensitive information from millions of customers, but the company’s security investments clearly haven’t matched the value of what they’re protecting.

The math is simple:

• Data collection is mandatory for their business model
• Cybersecurity is just a cost center
• Breach consequences are manageable compared to ongoing revenue

When companies get breached, they face some regulatory fines and class action settlements — but they don’t lose customers at scale because switching insurance is complicated and most people don’t even know about breaches until months later.

What the Everest Group Actually Stole

The Everest Group is described by security researchers as a “well-established ransomware-as-a-service operation” that has been active since 2020. They typically target mid-sized to large organizations across health care, manufacturing, financial services, and government sectors using “compromised credentials, phishing and exploitation of exposed or unpatched services.”

The federal lawsuit details exactly what’s now in criminal hands:

• Personal identifiers — names, dates of birth, Social Security numbers
• Financial information — bank details, payment methods, policy financials
• Health insurance data — medical coverage details, claims information
• Contact information — home addresses, phone numbers, email addresses
• Policy documents — thousands of individual insurance forms and contracts

The scope extends beyond customer data. Internal Liberty Mutual documents, employee information, and business communications may also be compromised, creating additional risks for both the company and its stakeholders.

The Company’s Response Reveals the Problem

Liberty Mutual’s initial response — denying the breach and blaming a third-party vendor — demonstrates exactly why these incidents keep happening.

Even after the Everest Group published proof of the stolen data, the company maintained there was no evidence of a compromise.

This response pattern appears frequently in corporate data breaches:

• Companies routinely minimize breach disclosures
• Delay notifications, and
• Shift blame to vendors

The incentive is clear: Admitting a major security failure hurts stock prices, triggers regulatory investigations, and generates negative publicity.

What makes this worse is that insurance companies are supposed to be risk management experts. If Liberty Mutual can’t protect its own data systems, how can customers trust them to assess and manage other risks?

Join the Liberty Mutual Class Action Lawsuit

Data breaches involving insurance companies can expose sensitive financial and personal information that may be valuable to identity thieves for years.

If you’re a current or former Liberty Mutual customer, taking action quickly may help reduce the risk of fraud and strengthen any future legal claim tied to the breach:

• Check if you’re affected: Contact Liberty Mutual directly at 1-800-290-8711 to confirm whether your policy information was included in the breach. The company has not yet sent notification letters to all affected customers.
• Join the Liberty Mutual class action lawsuit: The federal lawsuit filed in Massachusetts federal court seeks damages for negligent data security. If you’re a current or former Liberty Mutual customer, you may be eligible to join the class.
• File a complaint with regulators: Report the incident to your state insurance commissioner through the National Association of Insurance Commissioners directory.
• Monitor your credit and identity: Place fraud alerts on your credit reports with all three bureaus and consider freezing your credit if you’re not actively applying for loans. Monitor bank and insurance statements for unauthorized activity.
• Document any identity theft: If you experience fraud or identity theft that you believe is connected to this breach, document everything. Keep records of unauthorized accounts, fraudulent charges, or suspicious activity — this evidence will be crucial for any legal claims.

As lawsuits over major data breaches continue to grow, consumers are increasingly demanding accountability from companies entrusted with highly sensitive personal and financial information.

Did Liberty Mutual expose your personal data? If so, file a complaint, take steps to protect yourself against identity theft, and tell us about it.

Written by: Companies Behaving Badly

The team behind it all.