What Happened
In 2025, MetLife (metlife.com) experienced multiple reported data security incidents, though the company denied core system breaches in some cases. Key confirmed events included a January 2, 2025, ransomware claim by RansomHub alleging theft of 1 terabyte of sensitive data (e.g., meeting logs, executive documents, financial records, and Latin American operations info from Brazil, Colombia, and Chile) from a subsidiary like Ecuador-based Fondo Genesis, which MetLife stated was isolated; a March 20, 2025, incident at vendor Bank of New York Mellon (BNY) exposing account holder data (exact types unspecified but involving insurance annuities and claims) for a small number of MetLife customers between December 2024 and March 2025; a January 29, 2026 breach (notified March 6, 2026, but tied to 2025 investigations) affecting over 500 California individuals with names, Social Security numbers, coverage details, and group numbers; and a June 2025 notification to the Texas AG confirming exposure of names, SSNs, dates of birth, and other sensitive data for 343 Texas residents. MetLife provided credit monitoring and emphasized containment, with ongoing class action probes.
