Washington National Breach Victim Says Disclosure Was Too Vague
They started by gathering background information on a CNO executive. They used what they learned to pretend to be CNO tech support team members and get more information from the executive.
The hackers then called the executive’s cell phone provider and tricked the provider into transferring control of the executive’s phone number to a device they controlled. The hackers used the cell phone to break into CNO computers.
CNO told officials in Maine and other states in January that they believe the breach occurred Nov. 28, 2023, and that they discovered the breach Nov. 29, 2023.
The breach may have led to the theft of customers’ Social Security numbers, customers’ names, dates of birth and policy numbers.
The breach notice: Chute said the breach notice letter she received left out the dates of the breach, details about the root cause of the breach, the vulnerabilities exploited and the measures taken to keep the breach from happening again.
The impact: Chute believes she has suffered concrete effects from the breach.
She learned that one of her debit cards was compromised in February, and she seems to be getting more spam calls, spam texts and spam emails, according to the complaint.
Credit: Sergey Nivens/Adobe Stock