Everest Group Leaks Alleged 108 GB of Liberty Mutual Policyholder Data
What Happened
On May 4 2026 the ransomware gang Everest Group announced that it had exfiltrated and begun publicly leaking roughly 108 GB of files it claims were stolen from insurer Liberty Mutual on April 30. The data set includes policyholder names, addresses, policy numbers and financial/insurance details. Liberty Mutual confirmed the allegation and said the breach appears to involve a third‑party vendor, but its own networks have not been confirmed as compromised.
Why It Matters for TPRM
- A breach at a third‑party vendor can expose your organization’s data even when your own systems remain intact.
- The scale (tens of thousands of records) and sensitivity (financial and insurance details) heighten regulatory, reputational, and financial risk for any downstream partners.
Who Is Affected
- Property & casualty insurers and their underwriting divisions
- Third‑party data processors, claims‑management platforms, and SaaS providers serving the insurance sector
- Policyholders whose personal and financial information was disclosed
- Any enterprises that share data with Liberty Mutual or its vendors (e.g., brokers, reinsurers)
Recommended Actions
- Identify any contracts or data flows that involve Liberty Mutual or its known vendors.
- Verify that you have up‑to‑date breach‑notification and incident‑response clauses in those agreements.
- Confirm that continuous monitoring, log‑analysis, and threat‑intelligence feeds are covering the relevant vendor ecosystem.
- Request a detailed post‑incident report from Liberty Mutual, including any vendor‑specific findings and remediation steps.
Technical Notes
- Attack vector: Ransomware exfiltration via a compromised third‑party vendor used by Liberty Mutual.
- CVEs: None disclosed in the public reporting.
- Data types exposed: Customer names, mailing addresses, policy numbers, financial details, insurance coverage information.
Source: DataBreachToday – Everest Group Begins Leaking Alleged Liberty Mutual Data