Life Health Running Your Business

Washington National Breach Victim Says Disclosure Was Too Vague

News March 11, 2024 at 11:02 AM
Share & Print
A hooded hacker uses a computer.

A data breach victim is making arguments that could end up shaping life, health and annuity issuers' breach notification letters.

Jenny Chute is seeking class-action status for a suit against Washington National Insurance Co., a subsidiary of CNO Financial.

The Meredosia, Illinois, resident is one of about 66,000 CNO customers affected by a cyberattack on the company's systems.

Chute argues in her complaint, which was filed in the U.S. District Court for the Southern District of Indiana, that the Washington National breach notice was too vague.

"This 'disclosure' amounts to no real disclosure at all, as it fails to inform, with any degree of specificity, plaintiff and members of the data breach's critical facts," according to the complaint.

CNO said it does not comment on ongoing litigation.

What it means: The Chute complaint and similar complaints could start discussions about how to improve breach notice letters.

The breach: The hackers involved in the CNO breach used a cell phone "SIM swapping" strategy.

They started by gathering background information on a CNO executive. They used what they learned to pretend to be CNO tech support team members and get more information from the executive.

The hackers then called the executive's cell phone provider and tricked the provider into transferring control of the executive's phone number to a device they controlled. The hackers used the cell phone to break into CNO computers.

CNO told officials in Maine and other states in January that they believe the breach occurred Nov. 28, 2023, and that they discovered the breach Nov. 29, 2023.

The breach may have led to the theft of customers' Social Security numbers, customers' names, dates of birth and policy numbers.

The breach notice: Chute said the breach notice letter she received left out the dates of the breach, details about the root cause of the breach, the vulnerabilities exploited and the measures taken to keep the breach from happening again.

The impact: Chute believes she has suffered concrete effects from the breach.

She learned that one of her debit cards was compromised in February, and she seems to be getting more spam calls, spam texts and spam emails, according to the complaint.

Credit: Sergey Nivens/Adobe Stock

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Schwab Reviewing Advisor Network Referral Fees 10 Reasons Friends and Family Members Need Insurance Businesses Can Use Life Settlements, Too ACORD Completes New Standardized Life Insurance Application Women May Hate Life Underwriting Exams More Than Men Do App Uses Pill Bottles to Look Up Medicare Drug Prices

Resource Center

Can Systematic Risk Be Reduced? link

Guide

Can Systematic Risk Be Reduced?

The Business Model Playbook: Mastering Technology for Firm Success link

Playbook

The Business Model Playbook: Mastering Technology for Firm Success

Harnessing AI to Power Advisor-Client Relationships link

White Paper

Harnessing AI to Power Advisor-Client Relationships