Nationwide Insurance said the Federal Bureau of Investigation is probing a cyber security breach that affects thousands of the insurer's policyholders and other consumers in Georgia and hundreds more in at least one other state.
Elizabeth Giannetti, communications consultant at Nationwide, said in a written statement the company is working with law enforcement to investigate an Oct. 3 criminal attack on part of its computer network that contained personally identifiable information of current, former and prospective Nationwide and Allied Insurance customers. The statement said the company hired independent third-party experts to analyze the data and computer network. The statement said this team worked to identify the customers affected and the information that could be at risk.
Nationwide remains unaware of any misuse of the information accessed and Giannetti said the company is unaware of any major prior breaches. State regulators have been informed and individuals affected are being notified by direct mail, the statement said. The company is not disclosing the total number of affected persons, but is offering them free credit monitoring and identity theft protection services from Equifax for one year.
Glenn Allen, a spokesman in the Georgia Department of Insurance, said Nationwide contacted the state about the breach. The personal information of 28,467 Georgians was accessed, according to a consumer alert from Commissioner Ralph Hudgens. Nationwide sent notification to each customer Nov. 16, Hudgens' statement said. Nationwide will provide the department with evidence of written notice to the members and applicants regarding the improper disclosure of private information of customers, Hudgens said.
The personal information of 534 Oklahomans may have been compromised during the breach, according to a statement from the Oklahoma Insurance Department. Initial analysis shows compromised information included names, and a combination of customers' Social Security numbers, driver's licence numbers and dates of birth, the OID said. Other possible items accessed could include customers' marital status, gender, occupation, and their employers' names and addresses.
Oliver Brew, vice president of property/casualty for Liberty International Underwriters, a member of the Liberty Mutual Group, told Best's News Service earlier this year that major security breaches typically prompt interest in or at least discussion about cyber liability insurance purchases. Claims in this area in recent years have been insured and cyber liability rates are becoming more affordable as the pool for such products has grown.
Insurers have been among the companies suffering cyber security breaches. In July 2011, a California state court judge gave preliminary approval to a class-action settlement of a suit alleging Anthem Blue Cross of California and several sister companies of improperly storing personal information and electronic versions of individual health insurance applications for more than 600,000 customers.
In early 2011, Health Net Inc. was investigated by the California Department of Managed Health Care after reporting that nine of its server drives containing personal information for 1.9 million current and former enrollees across the United States were missing, including those for 622,000 enrollees in Health Net plans that it regulates, more than 223,000 in plans regulated by the state Department of Insurance and some in Medicare.