MOVEit Hack Hit These Life, Annuity and Retirement Firms

The attack this year on the MOVEit file transfer system by the Cl0P ransomware gang has been especially cruel to your favorite clients.

The attack hit the conscientious people who buy life insurance to protect their loved ones; use life insurance, annuities or individual investment accounts to save for a dignified retirement; or participate in employer-sponsored retirement plans.

The Cl0P hackers got at those clients by finding and using a weakness in MOVEit, a tool from Progress Software that organizations use to move big batches of sensitive data.

MOVEit has a diverse user base, including weather researchers and the military.

Why Did the MOVEit Breach Affect So Many Insurance Companies?

The tool is as common as shoes and socks at financial services companies, partly because PBI Research Services, a dominant player in the death audit services market, uses MOVEit to help companies determine whether insurance policy owners, annuity contract owners, investment account owners and retirement plan participants are still alive.

At least 734 organizations have reported MOVEit-related breaches, according to KonBriefing Research. Those breaches have affected at least about 43 million people.

What Happens Now?

In 2021, a typical U.S. Social Security number sold for about $2, meaning that, in theory, the MOVEit hack victims’ numbers could be worth about $80 million on the resale market.

Whatever personal information was stolen may now be available for free to people who know how to find it and use it, because Cl0P said earlier this month that it was dumping all of the records it had stolen onto the web, according to press reports.

Many financial services organizations are still trying to determine whether they were breached and how to report a breach. Most Cl0P breach size information comes from companies that happened to send reports to the Office of the Maine Attorney General, which posts a breach list that includes national impact estimates.

If organizations have reported breaches only to a state like California or Maine, national estimates of the number of people affected by those breaches may be unavailable.

Here’s a list of the MOVEit-related life, annuity, asset management, retirement services and support services organization breaches we could find, based on the breach feeds provided by Maine, California and other states, and on disclosure notices some companies filed with the U.S. Securities and Exchange Commission.

We excluded local banks, credit unions, health insurers, and property and casualty insurers, but we included some organizations outside the retirement services sector, like Maximus, a major Medicare and Affordable Care Act public exchange services vendor, because of their importance to retirees’ and near retirees’ lives. We will update this list as more information becomes available.

Some companies consolidate breach reporting at the parent-company level. Others report through subsidiaries, through vendors or through a combination of two or more strategies.

The current estimates of the number of people affected could include a significant amount of double counting, with some accounts reported by several different entities, and some people owning two or more separate affected accounts.

American National Group

Date reported: Aug. 9

Number of people or accounts who could be at risk: Not available

Identity protection service offered: Experian IdentityWorks

Athene Annuity and Life Co. and its affiliates

Date reported: July 20

Number of people or accounts who could be at risk: 70,412

Identity protection service offered: Kroll

Aurora National Life Assurance Co. (Reinsurance Group of America)

Date reported: July 21

Number of people or accounts who could be at risk: 48,457

Identity protection service offered: Norton LifeLock’s LifeLock Defender

California State Teachers’ Retirement System

Date reported: March 24

Number of people or accounts who could be at risk: NA

Identity protection service offered: Experian IdentityWorks

CalPERS

Date reported: June 22

Number of people or accounts who could be at risk: 769,000

Identity protection service offered: Experian IdentityWorks

Charles Schwab & Co.

Date reported: June 9

Number of people or accounts who could be at risk: NA

Identity protection service offered: TransUnion IdentityForce

Clear Spring Life and Annuity Company (Group 1001)

Date reported: July 27

Number of people or accounts who could be at risk: 4,393

Identity protection service offered: IDX

Club Vita US

Date reported: Aug. 10

Number of people or accounts who could be at risk: 4,821

Identity protection service offered: Kroll

EP Global Production Solutions

Date reported: Aug. 11

Number of people or accounts who could be at risk: 471,362

Identity protection service offered: Kroll

Ernst & Young

Date reported: Aug. 9

Number of people or accounts who could be at risk: 30,210

Identity protection service offered: Experian

Fidelity & Guaranty Life Insurance Co.

Date reported: July 20

Number of people or accounts who could be at risk: 873,000

Identity protection service offered: Kroll

Date reported: July 12

Number of people or accounts who could be at risk: 371,359

Identity protection service offered: Kroll

Fidelity Life Association

Date reported: Aug. 9

Number of people or accounts who could be at risk: 250,000

Identity protection service offered: Kroll

Date reported: July 27

Number of people or accounts who could be at risk: 2,500,000

Identity protection service offered: Kroll

Group 1001 Resources

Date reported: July 28

Number of people or accounts who could be at risk: 3,169

Identity protection service offered: IDX

Hartford Life and Accident Insurance Co.

Date reported: Aug. 3

Number of people or accounts who could be at risk: 713,264

Identity protection service offered: Kroll

Jackson National

Date reported: June 20

Number of people or accounts who could be at risk: 850,000

Identity protection service offered: Kroll

Lumico Life Insurance Co., Elips Life Insurance Co.

Date reported: Aug. 1

Number of people or accounts who could be at risk: Not available

Identity protection service offered: Kroll

Massachusetts Mutual Life Co.

Date reported: July 19

Number of people or accounts who could be at risk: 242

Identity protection service offered: Kroll

Maximus

Date reported: July 28

Number of people or accounts who could be at risk: 8,000,000

Identity protection service offered: Experian IdentityWorks

Milliman Solutions

Date reported: July 17

Number of people or accounts who could be at risk: 1,280,823

Identity protection service offered: Kroll