New York Life Joins MOVEit Breach Notice List

InsuNews August 15, 2023
The rear view of a person in a hoodie, working on a computer.

What You Need to Know

MOVEit is a tool that administration firms use to move large batches of data.
The National Association of Insurance Commissioners had a link to MOVEit software on its own website.
The MOVEit breach could focus attention on cybersecurity at outside vendors that work with life and annuity issuers.

New York Life Insurance Co. has joined the long list of life insurance companies that have filed data breach notices with state regulators in connection with the Cl0p attack on MOVEit, a popular file transfer tool.

New York Life believes the attack may have exposed the personal information, including Social Security numbers, of 25,685 of its customers, according to a version of the notice posted by the Maine attorney general’s office last week.

Vendors that serve New York Life and other companies use MOVEit to move large batches of the sensitive personal information used to administer insurance policyholder, annuity contract holder and pension plan participant information. Cl0p succeeded at stealing large batches of the data by finding a weakness in MOVEit and burrowing into the servers used to provide the MOVEit services.

Bert Kondruss, managing director of KonBriefing Research, estimates that MOVEit-related breach reports show the attack has affected at least 677 organizations and 41 million people around the world.

Related: MOVEit Breach Put Data of 61,000 TD Ameritrade Clients at Risk

What It Means

Clients with a life insurance policy, an annuity or a retirement plan account may have already shown you a breach notice, or will show you a breach notice, and ask you what to do about it.

See also  Next Hearing Set for LPL Network Firm Employee Charged in Double Murder

The Players

New York Life and most other life insurers that have filed MOVEit breach reports were affected because they employed Pension Benefit Information to help them keep track of insureds and plan participants.

PBI used MOVEit, a system provided by Progress Software Corp., to manage the data files supporting the tracking process.

The Immediate Impact

For clients, the immediate impact will be offers of free access to identity monitoring services.

New York Life, for example, is offering 12 months of identity monitoring services from Kroll.

Many other insurers are offering 12 to 24 months of Kroll services, or similar types of services from vendors such as Experian.

Clients may wonder whether the identity services are legitimate and about what the identity monitoring services will do with their information.

The Litigation

Genworth Financial attracted attention from plaintiffs’ attorneys because it was the first life and annuity issuer to file a MOVEit breach notice with the U.S. Securities and Exchange Commission.

Tags: , ,

More Stories

10 Best Life Insurance Agencies of 2024

10 Best Life Insurance Agencies of 2024

InsuNews July 4, 2024
what questions are on mortgage protection application form?

How to Answer Life Insurance Health Questions in 2024

InsuNews July 4, 2024
S&P 500 on Digital background

S&P 500 Closes at Record High Ahead of Holiday

InsuNews July 3, 2024

You may have missed

Marcel Pitcher Joins DKI Canada as Vice-President of Membership Services

Marcel Pitcher Joins DKI Canada as Vice-President of Membership Services

InsuNews July 4, 2024
National Corvette Museum's newest exhibit commemorates the 2014 sinkhole

National Corvette Museum's newest exhibit commemorates the 2014 sinkhole

InsuNews July 4, 2024
First Western Physician Loan Review

Old National Bank Physician Mortgage: 2024 Review

InsuNews July 4, 2024
I Think I'm Done With Cars For Now

I Think I'm Done With Cars For Now

InsuNews July 4, 2024
Hudson Restoration Expands to Niagara with New Office and Branch Manager

Hudson Restoration Expands to Niagara with New Office and Branch Manager

InsuNews July 4, 2024