American National Group, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Overview of the American National Group Data Breach
In May 2023, American National Group, LLC, also known as American National Insurance Company (ANICO), experienced a significant data breach. This incident was linked to a vulnerability in the MOVEit Transfer application, a file transfer software created by Progress Software Corporation. The breach was part of a larger cybersecurity incident affecting various organizations globally due to the widespread use of MOVEit for business purposes.
Details of the Breach
The breach was first acknowledged by Progress Software Corporation on May 31, 2023, when they announced a previously unknown vulnerability in their MOVEit Transfer application. American National Group’s investigation revealed that an unauthorized third party gained access to certain American National MOVEit systems on May 28, 2023. This unauthorized access led to the acquisition of files containing personal information belonging to American National’s customers[3].
The compromised information included sensitive data such as names, Social Security numbers, dates of birth, addresses, and in some cases, medical information. This breach exposed customers to potential risks of fraud and identity theft[1][3].
Response and Legal Actions
In response to the breach, American National Group took immediate steps to enhance the security of the MOVEit application, including applying software updates and implementing additional security measures. They also notified law enforcement and cooperated with their investigation. To support affected individuals, American National offered a complimentary two-year membership to Experian’s IdentityWorks Credit 3B, a service designed to help detect possible misuse of personal information and provide identity protection support[3].
Following the breach, a class action lawsuit was filed against American National Group, LLC, alleging negligence on the part of the company for failing to implement reasonable data security practices and for not ensuring that their IT vendor maintained adequate cybersecurity protocols. The lawsuit also criticized the company for the lack of detailed information in the notice letter sent to affected customers, arguing that this omission severely diminished the victims’ ability to mitigate the harms associated with the unauthorized exposure of their data[5].
Conclusion
The data breach at American National Group, LLC, serves as a reminder of the importance of robust cybersecurity measures and the need for organizations to continuously monitor and update their security protocols. It also highlights the potential legal and reputational consequences companies face when sensitive customer information is compromised. As the investigation and legal proceedings continue, more information may become available regarding the breach’s full impact and the measures taken by American National to prevent future incidents[1][3][5].
Citations:
- https://www.jdsupra.com/legalnews/american-national-insurance-company-3470457/
- https://www.aig.com/home
- https://www.mass.gov/doc/assigned-data-breach-number-30193-american-national-group-llc/download
- https://www.nps.gov/index.htm
- https://www.classaction.org/news/american-national-insurance-company-facing-class-action-over-may-2023-data-breach
- https://www.jackson.com
- https://www.myinjuryattorney.com/american-national-insurance-company-data-breach-investigation/
- https://www.nrel.gov
- https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/AmericanNationalInsuranceCompany.pdf
- https://www.nfl.com
- https://www.maxeyfirm.com/data-breach-investigations/american-national-group-llc
- https://www.nbcnews.com
- https://www.classaction.org/media/matthews-v-american-national-group-llc.pdf
- https://www.ussoccer.com
- https://dockets.justia.com/docket/massachusetts/madce/1:2023cv12515/262747
- https://www.foxnews.com