A life insurance company has notified affected policy holders after sensitive information disclosed in data breach.
On June 18, 2023, Genworth Life Insurance Company and Genworth Life Insurance Company of New York notified Brighthouse Life Insurance Company of a security incident at Genworth’s third-party vendor, PBI Research Services, that compromised the data of certain BLIC policyholders. On June 20, 2023, Genworth provided BLIC with the resident state information for the impacted policyholders.
Genworth administers a block of long-term care insurance policies for BLIC. Genworth contracts with PBI to identify policyholder deaths. PBI uses MOVEit, a data transfer software developed by Progress Software, to perform the death matching services. PBI shared with its clients that a vulnerability in MOVEit had caused the security incident, which took place on May 29, 2023 and May 30, 2023. PBI also notified Genworth that it implemented Progress Software’s security patches on June 2, 2023, to eliminate the vulnerability. The incident did not impact any BLIC information systems.
The incident resulted in the disclosure of the full name, Social Security number, date of birth, ZIP code, state of residence and policy number of the affected BLIC policyholders.
Affected policyholders are being notified by mail, which provides them with further information regarding the incident and how to enroll in 24 months of complimentary credit monitoring. Affected policyholders are encouraged to remain vigilant by reviewing their account statements and credit reports closely. If suspicious activity on an account is detected, affected policyholders should report the activity accordingly.