Pan-American Life Insurance Group, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Pan-American Life Insurance Group, Inc. (PALIG), based in New Orleans, Louisiana, experienced a significant data security incident due to a cyberattack exploiting a vulnerability in Progress Software’s MOVEit Transfer software. This incident was part of a broader attack that affected various organizations using the MOVEit software, which is designed for secure file transfer. The vulnerability was a critical, zero-day flaw that allowed unauthorized third parties to access and potentially exfiltrate sensitive data.
Upon discovering the vulnerability, Progress Software advised users to disable the MOVEit software until a patch could be applied. PALIG responded by immediately ceasing the use of MOVEit Transfer, disabling it within their systems, and applying all security patches provided by Progress Software as soon as they became available. To address the breach, PALIG engaged third-party cybersecurity experts to conduct a thorough investigation into the incident and to assist in strengthening their systems against future attacks. Law enforcement was also notified of the breach.
The investigation revealed that an unauthorized party had indeed accessed and taken files through PALIG’s use of MOVEit Transfer. The compromised data, identified on October 5, 2023, included personal information of individuals such as names, addresses, social security numbers, dates of birth, driver’s license numbers, contact information, medical and medical benefits information, subscriber numbers, certain biometric data, and financial account and credit card information. Despite the breach, there was no evidence to suggest that the stolen information had been used for fraudulent purposes.
In response to the incident, PALIG has taken steps to notify affected individuals by mail, explaining the nature of the breach and the information potentially compromised. Additionally, the company is offering credit monitoring, identity theft protection, and insurance services to those impacted, as a precautionary measure to help protect their identities and financial information.
PALIG has expressed its commitment to the privacy and security of client information, emphasizing ongoing efforts to evaluate and enhance the cybersecurity measures in place, especially concerning third-party software tools. For more details on the incident and the resources available to affected individuals, PALIG has made information available on its website.
This breach is a stark reminder of the importance of cybersecurity vigilance and the potential risks associated with third-party software solutions. It underscores the need for continuous monitoring, timely application of security patches, and comprehensive incident response strategies to mitigate the impact of such security incidents[1][4][6].
Citations:
- https://www.businesswire.com/news/home/20231204793300/en/Pan-American-Life-Insurance-Group-Announces-Data-Security-Incident
- https://apps.web.maine.gov/online/aeviewer/ME/40/764adf0f-493b-4c85-abc8-86071223b625.shtml
- https://www.cigna.com
- https://www.nola.com/news/business/pan-american-life-hit-by-same-cyber-attack-that-hit-omv/article_ef5fadee-93c2-11ee-b7a0-d709ed6027f1.html
- https://www.mutualofamerica.com
- https://www.idstrong.com/sentinel/moveit-breach-105k-insurance-records-stolen/
- https://home.globelifeinsurance.com
- https://casetext.com/case/inabnet-v-pan-american-life-insurance-co
- https://www.amfam.com
- https://www.atg.wa.gov/data-breach-notifications
- https://www.humana.com
- https://www.nola.com/news/business/pan-american-life-cyber-attack-has-left-most-customers-unable-to-reach-the-insurer/article_33805ae4-7dd9-11eb-aac1-1f2646b16742.html
- https://www.zurichna.com
- https://www.palig.com/privacy-policy-internet
- https://www.primerica.com/public/
- https://oag.ca.gov/privacy/databreach/list
- https://www.massmutual.com