Life and Annuity Issuer Faces Suits Over 'SIM Swap' Cyberattack

News February 13, 2024 at 03:43 PM
Share & Print

One or more hackers persuaded a cell phone company to let them take over a CNO Financial Group executive's phone. Now the life and annuity issuer is facing lawsuits over the hackers' use of the phone to get at its data.

CNO believes the hackers could have seen customers' names, dates of birth, policy numbers and Social Security numbers, according to Maine's data breach reporting website.

The attack may have affected 45,842 customers at CNO's Bankers Life and Casualty unit and 20,360 customers at its Washington National unit. CNO offered affected customers one year of free access to identity theft protection services.

Plaintiffs have filed at least three class-action complaints over the breach in federal courts in Illinois and Indiana in the past week.

"Due to the pending litigation, CNO will not be providing any comment on the case," the company said Tuesday.

CNO: CNO is a Carmel, Indiana-based financial services company that sells life insurance, annuities, long-term care insurance and supplemental health insurance products, including Medicare supplement insurance and Medicare Advantage plans.

The attack: CNO said in notification letters sent in late January that it discovered the breach Nov. 29, 2023, and believes the breach occurred Nov. 28, 2023.

The breach was the result of "SIM swapping," the company said.

In a SIM swap attack, the hackers start by getting detailed information about the victims, according to the Cybersecurity and Infrastructure Security Agency.

The hackers use the personal information to call or email the worker and trick the worker into providing more information, such as usernames and passwords. The hackers then use the additional information to call a victim's cell phone company and have it put the victim's phone number on a device they control.

Once the hackers control the cell phone number, they can use it to get into many of the company information systems that the victim uses.

The SEC connection: Hackers used the same kind of SIM swapping to get into the U.S. Securities and Exchange Commission's Twitter account Jan. 9 and pretend the SEC had already approved spot Bitcoin ETFs.

The suits: Kenneth Harper sued Bankers Life in the U.S. District Court for the Northern District of Illinois Feb. 7.

Ranae Alison sued Bankers Life in the same court separately Monday.

Konnie Harrington sued Washington National in the U.S. District Court for the Southern District of Indiana Monday.

Attorneys at Cohen & Malad helped Alison and Harrington file their suits.

Credit: Adobe Stock

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center