Helpful Articles

Console & Associates, P.C.: Data of More than 790k People Exposed in VALIC Retirement Services Company Data Breach Related to MOVEit Vulnerability

VALIC Retirement Services Company, also known as VRSCO or VALIC has notified the Attorney General of Maine of a major data breach. Like many other companies, VALIC relies on PBI as a vendor, and this has exposed VALIC to the infamous MOVEIt vulnerability of May 2023. As a result, hackers have accessed the data of approximately 798k VALIC customers. There are many types of data among the leaks, but the most harmful example may be pairs of Social Security numbers and names.

If you’ve received a data breach notification letter from VALIC or PBI, you need to read it closely. If you’re considering a VALIC data breach lawsuit, call 866-778-5500 or send us an email to, and our experienced data breach lawyers will answer all of your questions.

To learn more about the VALIC data breach, read our blog post here:

Roots of the PBI / VRSCO Data Breach

While the VRSCO data breach is fresh news, the origin of the breach has become familiar to many. This is because the breach originated with a vulnerability in the MOVEit file transfer protocol that Progress Software develops and vendors such as PBI use. At the end of May 2023, Progress Software announced a serious day-zero vulnerability in the MOVEit tool, and hackers were able to steal the data of tens of millions of people between May 29 and May 30.

In the coming weeks, Progress notified PBI of the problem and PBI informed its clients, such as VALIC. The VALIC data breach investigation revealed that 798k of its customers were among those who lost their data during the breach. Furthermore, the company discovered that many different types of serious data were compromised. The specifics vary from one victim of the breach to the next, but some types of compromised information include:

?      Name

?      Social Security number

?      Policy or account number

?      Date of birth

?      Address

By July 27th, VRSCO/VALIC had completed its investigation and begun sending out data breach notification letters.

Background on VALIC Retirement Services Company

While VALIC Retirement Services Company was once a subsidiary of AIG, it’s currently part of Corebridge Financial, Inc. It offers many retirement-related products and services, such as mutual funds, annuities, asset management programs, and life insurance. The company’s annual revenue is estimated to be more than $50 billion.

Such a large company should be able to protect customer data, but 800,000 customers have nonetheless lost their data to hackers. This is a serious risk to all of those who lost their data, with significant risks of time and financial loss. If negligence contributed to the breach itself or made it more difficult for the victims to protect themselves from identity theft, you may be able to seek compensation in court.

At the law firm of Console & Associates, P.C., we’re dedicated to finding justice for victims of data breaches. Call 866-778-5500 or send us an email to to schedule a free consultation and learn more about your legal rights.

About the Author
Richard Console
Posted - 08/05/2023