Liberty Mutual listed on ransomware leak site as Everest group claims 108 GB data theft

Liberty Mutual Insurance, a Boston-based global insurer, has been listed on a ransomware leak site operated by the Everest group, which claims to have stolen 108 gigabytes of company data and issued a three-day deadline for the firm to initiate contact before publication.

The ransomware group posted the insurer’s name on its dark web portal on Thursday alongside a countdown timer, stating that the files would be released once the deadline expires if no communication is established. The group claims the dataset consists of 52,429 files organized across 14,979 folders.

The alleged data cache is described as containing tens of thousands of insurance-related documents, including customer records, individual policy documents and internally generated forms. The group asserts that the collection includes personally identifiable information such as customer names, addresses, policy numbers, and financial and insurance-related details.

The dataset is said to include multiple file formats, including DOC, PDF, TXT, JSON, AFP, VPF and TGZ files. The files were reportedly compiled earlier this year, with a creation date of Jan. 26, 2026.

Sample files released as proof of the breach show limited sensitivity, featuring basic insurance policy information tied to several corporate clients, a terrorism policy covering the period from October 2025 to October 2026, and a group privacy notice. The organizations referenced in the samples appear to be insurance brokers operating in Florida, Illinois and Washington state.

Liberty Mutual has not publicly responded to the claims.

Founded more than a century ago, Liberty Mutual is one of the largest insurers globally, ranking sixth by size and operating in 27 countries and economies. The company reports annual consolidated revenue of approximately $50 billion and employs more than 40,000 people across its U.S. retail markets, Global Risk Solutions and investment divisions.

The incident marks another cybersecurity challenge for the insurer. In 2021, the company experienced multiple data breaches linked to third-party consumer quote tools, resulting in the exposure of personal data belonging to more than 50,000 policyholders in New York. In October 2025, Liberty Mutual was found liable in connection with those incidents and agreed to a $2 million settlement as part of a broader $14 million agreement involving 10 insurance companies. The settlement required participating firms to implement enhanced cybersecurity safeguards.

The company also entered the cyber insurance market in October, introducing coverage options for individuals and businesses seeking protection against ransomware and other cyber threats.

The Everest group has also listed Morae Global Corporation, a U.S.-based legal and compliance technology provider, claiming to have exfiltrated a separate 261 gigabyte dataset from that organization.