A data breach at Bankers Life might have compromised the personally identifiable information of over half a million people.
On 25 October 2018, Fortune 1000 company CNO Financial Group, Inc. submitted a report to the Office for Civil Rights’ Breach Portal at the U.S. Department of Health and Human Services. The report revealed an instance of unauthorized access/disclosure involving one of the subsidiaries of CNO that provide insurance products and services to U.S. customers. It also specified that the security incident had potentially affected 566,217 people.
DataBreaches.net traced the event to Bankers Life after discovering a breach announcement made by the CNO subsidiary. Here’s what the company told customers about the data security issue:
We recently discovered that unauthorized third parties accessed credentials belonging to a limited number of our employees between May 30 and September 13, 2018. During this period, unauthorized third parties used improperly obtained employee information to gain access to certain company websites, potentially resulting in unauthorized access to personal information of policyholders and applicants.
It’s unclear from the announcement how the actors responsible for the incident obtained those employees’ credentials in the first place.
After learning of the suspicious activity on 7 August, Bankers Life explained in its statement that it notified federal law enforcement and hired an external forensics investigator. This expert helped determine that the incident might have compromised affected users’ names, addresses, dates of birth, insurance information and the last four digits of their Social Security Number. The investigation also found that attackers might have exposed more sensitive pieces of information including full Social Security Numbers and banking information for a minority of victims.
Bankers Life said it contacted all possible victims of the data breach and offered free credit monitoring and identity protection services to all affected individuals. It (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/half-a-million-people-potentially-affected-by-data-breach-at-bankers-life/