Skip to main content
data server

Milliman Solutions Data Breach Class Action Lawsuit | PBI

The Lyon Firm is investigating data breach claims on behalf of plaintiffs in Washington and nationwide who may have received a data breach notification letter from Pension Benefit Information (operating as PBI Research) or Milliman Solutions. 

Other impacted individuals may some connection to MEMBERS Life Insurance Company, CMFG Life Insurance Company, and The Independent Order of Foresters. 

Our legal team, along with some of the largest privacy firms in the country, has filed numerous lawsuits against PBI and Progress Software, alleging negligent IT security that led to the data theft of a large amount of personal data. Over 1.2 million victims were impacted by the Milliman Solutions breach. 

What Happened at Milliman Solutions?

On July 17, 2023, Milliman Solutions, LLC filed a notice of data breach with the Attorney General of Maine, noting that they discovered that one of the company’s vendors, Pension Benefit Information, LLC experienced a data security incident involving the MOVEit file transfer software.

In their letter, Milliman explained that the data security incident resulted in an unauthorized party accessing consumers’ sensitive information, which includes names and Social Security numbers.

After completing an initial investigation, Milliman Solutions determined that the incident involved customers of MEMBERS Life Insurance Company, CMFG Life Insurance Company, and The Independent Order of Foresters.

If you received a data breach notification from Milliman Solutions, Pension Benefit Information or another entity linked to the MOVEit ransomware attack, contact our lawyers to discuss your legal options.

How is This Related to PBI and MOVEit?

The MOVEit software that was originally hacked was used by thousands of companies around the world, ironically, to safely transfer sensitive files back and forth. This has impacted hundreds of organizations and tens of millions of consumers.

The connection between PBI and Milliman is that when Milliman Solutions verifies that a policy-holder has died on behalf of an insurance company, it contacts PBI. The verification process involves Milliman Solutions sharing a name and SSN with PBI.

As explained on their notice to state Attorney Generals, Milliman Solutions provides risk assessment services to clients including life insurance companies. As part of those services, they hire Pension Benefit Information (PBI), to conduct research on whether consumers have passed away. For that specific purpose, Milliman Solutions transferred personal data regarding its clients’ consumers to PBI utilizing the Progress Software MOVEit transfer tool.

PBI notified Milliman Solutions that they experienced a data security incident when they learned about the attack because it affected the data of company clients. According to information provided to Milliman, on or around May 31, 2023, Progress Software disclosed that its MOVEit Transfer software contained a previously unknown, “zero-day” vulnerability that could be exploited by an unauthorized actor (CVE-2023-34362).  A subsequent investigation determined that an unauthorized third party accessed a server on May 29 and May 30, 2023, and downloaded data.

What Data was Compromised in the Milliman Solutions Data Breach?

Although the data potentially leaked in the PBI data breach may not have included individual health information, it may have been stored in the same data set as PHI by Milliman Solutions or one of the health insurance companies it was providing services to, the breach qualified as a HIPAA data breach and they had to notify the HHS’ Office for Civil Rights.

Pension Benefit Information was one of hundreds of organizations to have information stolen by the Clop gang through the exploitation of the MOVEit vulnerability. Tens of millions have been impacted.

The Milliman Solutions clients whose data was potentially compromised in the incident include MEMBERS Life Insurance Company, CMFG Life Insurance Company, and The Independent Order of Foresters.

Milliman Solutions disclosed in letters to consumers that the breach involves the following sensitive confidential information:

  • Full Name
  • Social Security Number

If you or a loved one has been notified of a data theft incident, it is important to know what is at risk and learn more about how to protect yourself. There are a number of ways you can try to mitigate the risk of further damage, and ways to get compensated for your losses.

More About Milliman Solutions

Founded in 1947, Milliman Solutions, LLC is an insurance services based in and operating out of Seattle, Washington. The company provides risk-assessment services to clients in multiple industries, including insurance, education, union, government, financial, and nonprofit industries. They operate 62 offices throughout Africa, Asia, Europe, Latin America, the Middle East, and North America. The company confirmed the data breach not long after it happened.

Can I Join the MOVEit Class Action?

If you or a loved one has been notified by a company regarding the PBI or MOVEit transfer attack data breach, you should contact an attorney to consider joining an existing class action lawsuit. Not only can you qualify for rightful compensation, you can hold any negligent company accountable for their actions.

Our legal team has already filed multiple related lawsuits, and the MOVEit – Progress Software litigation is ongoing. Call now to learn more about your next steps moving forward, and what the legal process looks like in a data privacy violation case.

By hiring an experienced data breach lawyer, you can leave the difficult tasks to us without any financial risk on your end. We have the resources and experience to take on the country’s largest corporations when they violate your rights to privacy. Contact us for a free consultation, and to learn about what to expect moving forward.