One or more hackers persuaded a cell phone company to let them take over a CNO Financial Group executive's phone. Now the life and annuity issuer is facing lawsuits over the hackers' use of the phone to get at its data.
CNO believes the hackers could have seen customers' names, dates of birth, policy numbers and Social Security numbers, according to Maine's data breach reporting website.
The attack may have affected 45,842 customers at CNO's Bankers Life and Casualty unit and 20,360 customers at its Washington National unit. CNO offered affected customers one year of free access to identity theft protection services.
Plaintiffs have filed at least three class-action complaints over the breach in federal courts in Illinois and Indiana in the past week.
"Due to the pending litigation, CNO will not be providing any comment on the case," the company said Tuesday.
CNO: CNO is a Carmel, Indiana-based financial services company that sells life insurance, annuities, long-term care insurance and supplemental health insurance products, including Medicare supplement insurance and Medicare Advantage plans.
The attack: CNO said in notification letters sent in late January that it discovered the breach Nov. 29, 2023, and believes the breach occurred Nov. 28, 2023.
The breach was the result of "SIM swapping," the company said.
In a SIM swap attack, the hackers start by getting detailed information about the victims, according to the Cybersecurity and Infrastructure Security Agency.