bankers life hack data breach training education security news

Bankers Life Data Breach Impacting 566,000 People

My stomach turns into knots just thinking about receiving a notice in the mail from my bank, stating that my information was leaked in a security breach. Unfortunately, 566,000 Bankers Life and Medicare supplemental insurance policyholders are enduring their personal information exposed in a hacking incident.

The Breach

CNO Financial Group reported their extension company, Bankers Life’s incident to the Department of Health and Human Services as an “unauthorized access/disclosure” breach.  Making this the fifth largest incident to the HIPAA Breach Reporting Tool aka “wall of shame” which lists health data breaches that impact 500 or more people.

Bankers Life learned about the breach on August 7th, stating that unauthorized third parties accessed credentials of a “limited number” of Bankers Life employees between May 30 and September 13th.

“During this period, unauthorized third parties used improperly obtained employee information to gain access to certain company websites, potentially resulting in unauthorized access to personal information of policyholders and applicants,” the insurer says. “Based on the investigation, the company has no reason to believe that its systems or network have been otherwise compromised.”

Security Precautions

Bankers Life enhanced their security procedures by further restricting and monitoring access to the systems.

“Federal law enforcement informed Bankers Life that disclosure of the incident could interfere with or impede its investigation,” the insurer says. “Once this concern was removed, the company promptly notified consumers and regulators as required by law and additional individuals whose information may have been accessed.”

Personal information that may have been leaked includes names, addresses, dates of birth, insurance information – such as application or policy number, types of insurance, premiums, dates of service and claim amounts – and the last four digits of Social Security numbers, the statement says.

“Except for a limited group of individuals, the investigation has not identified any unauthorized access to full Social Security numbers, driver’s license or state identification card numbers, bank account numbers, or medications, diagnosis or treatment plan information. In addition, based on the investigation, no credit or debit card information was accessed,” the statement notes.

Phish Attack

The incident was caused by an attacker obtaining credentials of a Banker Life employee(s) that may have involved a phishing attack.

“The days of poorly spelled phishing attempts are generally behind us. Today’s phishing attempts are much more sophisticated, often coming from a known sender whose account was hacked,” says privacy attorney Adam Greene of the law firm Davis Wright Tremaine.

Borten notes: “Phishing will continue to be a gaping hole in our security defenses since success or failure comes down to each individual.”

Bankers Life is offering free identity repair and credit monitoring services to all affect individuals.

Original Article Found Here.