MOVEit Hack Hit These Life, Annuity and Retirement Firms

Analysis August 21, 2023 at 02:45 PM
The attack this year on the MOVEit file transfer system by the Cl0p ransomware gang has been especially cruel to your favorite clients.

The attack hit the conscientious people who buy life insurance to protect their loved ones; use life insurance, annuities or individual investment accounts to save for a dignified retirement; or participate in employer-sponsored retirement plans.

The Cl0p hackers got at those clients by finding and using a weakness in MOVEit, a tool from Progress Software that organizations use to move big batches of sensitive data.

MOVEit has a diverse user base, including weather researchers and the military.

Progress notes that on May 31 it disclosed the vulnerability the hackers exploited and deployed a patch the same day.

Why Did the MOVEit Breach Affect So Many Insurance Companies?

MOVEit is a tool that's as common as shoes and socks at financial services companies, partly because PBI Research Services, a dominant player in the death audit services market, uses MOVEit to help companies determine whether insurance policy owners, annuity contract owners, investment account owners and retirement plan participants are still alive.

At least 1,006 organizations have reported MOVEit-related breaches as of Aug. 28, according to KonBriefing Research. Those breaches have affected more than 49 million people.

What Happens Now?

In 2021, a typical U.S. Social Security number sold for about $2, meaning that, in theory, the MOVEit hack victims' numbers could be worth about $80 million on the resale market.

Whatever personal information was stolen may now be available for free, to people who know how to find it and use it, because Cl0p said earlier this month that it was dumping all of the records it hacked on the web, according to press reports.

Cybersecurity experts have suggested that organizations like Cl0p may try to supplement revenue from selling hacked personal data by trying to persuade affected companies to pay ransoms, to avoid having hacked data exposed.

Many financial services organizations are still trying to determine whether they were breached and how to report a breach. Most Cl0p breach size information comes from companies that happened to send reports to the Office of the Maine Attorney General, which posts a breach list that includes national impact estimates.

If organizations have reported breaches only to a state like California or Maine, national estimates of the number of people affected by those breaches may be unavailable.

Here's a list of the MOVEit-related life, annuity, asset management, retirement services and support services organization breaches we could find, based on the breach feeds provided by Maine, California and other states, and on disclosure notices some companies filed with the U.S. Securities and Exchange Commission.

We excluded local banks, credit unions, health insurers, and property and casualty insurers, but we included some organizations outside the retirement services sector, like Maximus, a major Medicare and Affordable Care Act public exchange services vendor, because of their importance to retirees' and near retirees' lives. We will update this list as more information becomes available.

Some companies consolidate breach reporting at the parent-company level. Others report through subsidiaries, through vendors or through a combination of two or more strategies.

As of Aug. 28, the breach reports summarized here that include national customer impact estimates show that more than 26 million people may have been affected.

The current estimates of the number of people affected could include a significant amount of double counting, with some accounts reported by several different entities, and some people owning two or more separate affected accounts. But this list also includes many entities for which national impact estimates were not readily available.

American National Group

Date reported: Aug. 9

Number of people or accounts who could be at risk: Not available

Identity protection service offered: Experian IdentityWorks

Athene Annuity and Life Co. and its affiliates

Date reported: July 20

Number of people or accounts who could be at risk: 70,412

Identity protection service offered: Kroll

Aurora National Life Assurance Co. (Reinsurance Group of America)

Date reported: July 21

Number of people or accounts who could be at risk: 48,457

Identity protection service offered: NortonLifeLock's LifeLock Defender

California State Teachers' Retirement System

Date reported: March 24

Number of people or accounts who could be at risk: NA

Identity protection service offered: Experian IdentityWorks

CalPERS

Date reported: June 22

Number of people or accounts who could be at risk: 769,000

Identity protection service offered: Experian IdentityWorks

Charles Schwab & Co.

Date reported: June 9

Number of people or accounts who could be at risk: NA

Identity protection service offered: TransUnion IdentityForce

Clear Spring Life and Annuity Company (Group 1001)

Date reported: July 27

Number of people or accounts who could be at risk: 4,393

Identity protection service offered: IDX

Club Vita US

Date reported: Aug. 10

Number of people or accounts who could be at risk: 4,821

Identity protection service offered: Kroll

Continental General Insurance

Date reported: Aug. 28

Number of people or accounts who could be at risk: 38,886

Identity protection service offered: Kroll

EP Global Production Solutions

Date reported: Aug. 11

Number of people or accounts who could be at risk: 471,362

Identity protection service offered: Kroll

Ernst & Young

Date reported: Aug. 9

Number of people or accounts who could be at risk: 30,210

Identity protection service offered: Experian

Fidelity & Guaranty Life Insurance Co.

Date reported: July 20

Number of people or accounts who could be at risk: 873,000

Identity protection service offered: Kroll

Fidelity Investments

Date reported: July 12

Number of people or accounts who could be at risk: 371,359

Identity protection service offered: Kroll

Fidelity Life Association

Date reported: Aug. 9

Number of people or accounts who could be at risk: 250,000

Identity protection service offered: Kroll

Genworth

Date reported: July 27

Number of people or accounts who could be at risk: 2,500,000

Identity protection service offered: Kroll

Group 1001 Resources

Date reported: July 28

Number of people or accounts who could be at risk: 3,169

Identity protection service offered: IDX

Hartford Life and Accident Insurance Co.

Date reported: Aug. 3

Number of people or accounts who could be at risk: 713,264

Identity protection service offered: Kroll

Jackson National

Date reported: June 20

Number of people or accounts who could be at risk: 850,000

Identity protection service offered: Kroll

Lumico Life Insurance Co., Elips Life Insurance Co.

Date reported: Aug. 1

Number of people or accounts who could be at risk: Not available

Identity protection service offered: Kroll

Massachusetts Mutual Life Co.

Date reported: July 19

Number of people or accounts who could be at risk: 242

Identity protection service offered: Kroll

Maximus

Date reported: July 28

Number of people or accounts who could be at risk: 8,000,000

Identity protection service offered: Experian IdentityWorks

Milliman Solutions

Date reported: July 17

Number of people or accounts who could be at risk: 1,280,823

Identity protection service offered: Kroll

MOVEit file transfer software from Progress

Date reported: Aug. 9

Number of people or accounts who could be at risk: 4,457

Identity protection service offered: Experian IdentityWorks

New York Life Insurance Co. (Report 1)

Date reported: Aug. 10

Number of people or accounts who could be at risk: 1,367

Identity protection service offered: Kroll

New York Life Insurance Co. (Report 2)

Date reported: Aug. 11

Number of people or accounts who could be at risk: 25,685

Identity protection service offered: Kroll

New York Life Insurance Co. (Report 3)

Date reported: Aug. 21

Number of people or accounts who could be at risk: 35,062

Identity protection service offered: Kroll

Northwestern Mutual Life Insurance Co.

Date reported: Aug. 7

Number of people or accounts who could be at risk: 9,923

Identity protection service offered: Kroll

Pension Benefit Information (Report 1)

Date reported: July 12

Number of people or accounts who could be at risk: 371,359

Identity protection service offered: Kroll

Pension Benefit Information (Report 2)

Date reported: Aug. 4

Number of people or accounts who could be at risk: 82,955

Identity protection service offered: Kroll

Pension Benefit Information (Report 3)

Date reported: Aug. 25

Number of people or accounts who could be at risk: 336,672

Identity protection service offered: Kroll

Sovos Compliance (Report 1)

Date reported: July 13

Number of people or accounts who could be at risk: 18,513

Identity protection service offered: Not available

Sovos Compliance (Report 2)

Date reported: Aug. 23

Number of people or accounts who could be at risk: 215,114

Identity protection service offered: Not available

T. Rowe Price Retirement Plan Services

Date reported: July 31

Number of people or accounts who could be at risk: 463

Identity protection service offered: Not available

Talcott Resolution Life Insurance Co.

Date reported: July 25

Number of people or accounts who could be at risk: 557,741

Identity protection service offered: Kroll

Number of people or accounts who could be at risk: 61,160

Identity protection service offered: TransUnion IdentityForce

Teachers Retirement System of Georgia

Date reported: July 5

Number of people or accounts who could be at risk: 261,697

Identity protection service offered: Kroll

Teachers' Retirement System of the City of New York

Date reported: July 24

Number of people or accounts who could be at risk: 93,298

Identity protection service offered: Kroll

Tennessee Consolidated Retirement System

Date reported: June 28

Number of people or accounts who could be at risk: 171,836

Identity protection service offered: Kroll

The Johns Hopkins University, The Johns Hopkins Health System Corporation, and the Kennedy Krieger Institute

Date reported: July 25

Number of people or accounts who could be at risk: 363,885

Identity protection service offered: IDX

Number of people or accounts who could be at risk: 320,840

Identity protection service offered: Kroll

The Union Labor Life Insurance Co.

Date reported: July 10

Number of people or accounts who could be at risk: Not available

Identity protection service offered: Not available

TIAA

Date reported: July 14

Number of people or accounts who could be at risk: 2,373,076

Identity protection service offered: Kroll

TIAA Kaspick

Date reported: July 27

Number of people or accounts who could be at risk: 27,946

Identity protection service offered: Kroll

Transamerica Life Insurance Co.

Date reported: Aug. 4

Number of people or accounts who could be at risk: Not available

Identity protection service offered: Not available

Union Bank and Trust

Date reported: June 30

Number of people or accounts who could be at risk: 204,291

Identity protection service offered: Kroll

UnitedHealthcare Student Resources

Date reported: July 21

Number of people or accounts who could be at risk: Not available

Identity protection service offered: NortonLifeLock's LifeLock Standard

VALIC Retirement Services Co. (Corebridge)

Date reported: July 31

Number of people or accounts who could be at risk: 798,000

Identity protection service offered: Kroll

Washington National Insurance Co. (CNO Financial)

Date reported: Aug. 8

Number of people or accounts who could be at risk: 4,150

Identity protection service offered: Kroll

Wealth Enhancement Group

Date reported: June 29

Number of people or accounts who could be at risk: 1,965

Identity protection service offered: Experian IdentityWorks

Willis Towers Watson US and its affiliate Acclaris

Date reported: Aug. 8

Number of people or accounts who could be at risk: 1,765

Identity protection service offered: Kroll

Wilton Reassurance Co.

Date reported: Aug. 10

Number of people or accounts who could be at risk: 1,227,060

Identity protection service offered: Kroll
