American National Group, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Overview of the American National Group Data Breach

In May 2023, American National Group, LLC, also known as American National Insurance Company (ANICO), experienced a significant data breach. This incident was linked to a vulnerability in the MOVEit Transfer application, a file transfer software created by Progress Software Corporation. The breach was part of a larger cybersecurity incident affecting various organizations globally due to the widespread use of MOVEit for business purposes.

Details of the Breach

The breach was first acknowledged by Progress Software Corporation on May 31, 2023, when they announced a previously unknown vulnerability in their MOVEit Transfer application. American National Group’s investigation revealed that an unauthorized third party gained access to certain American National MOVEit systems on May 28, 2023. This unauthorized access led to the acquisition of files containing personal information belonging to American National’s customers[3].

The compromised information included sensitive data such as names, Social Security numbers, dates of birth, addresses, and in some cases, medical information. This breach exposed customers to potential risks of fraud and identity theft[1][3].

Response and Legal Actions

In response to the breach, American National Group took immediate steps to enhance the security of the MOVEit application, including applying software updates and implementing additional security measures. They also notified law enforcement and cooperated with their investigation. To support affected individuals, American National offered a complimentary two-year membership to Experian’s IdentityWorks Credit 3B, a service designed to help detect possible misuse of personal information and provide identity protection support[3].

Following the breach, a class action lawsuit was filed against American National Group, LLC, alleging negligence on the part of the company for failing to implement reasonable data security practices and for not ensuring that their IT vendor maintained adequate cybersecurity protocols. The lawsuit also criticized the company for the lack of detailed information in the notice letter sent to affected customers, arguing that this omission severely diminished the victims’ ability to mitigate the harms associated with the unauthorized exposure of their data[5].

Conclusion

The data breach at American National Group, LLC, serves as a reminder of the importance of robust cybersecurity measures and the need for organizations to continuously monitor and update their security protocols. It also highlights the potential legal and reputational consequences companies face when sensitive customer information is compromised. As the investigation and legal proceedings continue, more information may become available regarding the breach’s full impact and the measures taken by American National to prevent future incidents[1][3][5].

Citations:

  1. https://www.jdsupra.com/legalnews/american-national-insurance-company-3470457/
  2. https://www.aig.com/home
  3. https://www.mass.gov/doc/assigned-data-breach-number-30193-american-national-group-llc/download
  4. https://www.nps.gov/index.htm
  5. https://www.classaction.org/news/american-national-insurance-company-facing-class-action-over-may-2023-data-breach
  6. https://www.jackson.com
  7. https://www.myinjuryattorney.com/american-national-insurance-company-data-breach-investigation/
  8. https://www.nrel.gov
  9. https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/AmericanNationalInsuranceCompany.pdf
  10. https://www.nfl.com
  11. https://www.maxeyfirm.com/data-breach-investigations/american-national-group-llc
  12. https://www.nbcnews.com
  13. https://www.classaction.org/media/matthews-v-american-national-group-llc.pdf
  14. https://www.ussoccer.com
  15. https://dockets.justia.com/docket/massachusetts/madce/1:2023cv12515/262747
  16. https://www.foxnews.com
Breach Submission Date Aug 11, 2023
Converted Entity Name American National Group, LLC
Converted Entity Type Health Plan
State TX
Individuals Affected 47,711
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes