Nationwide may not be on your side, at least when it comes to press containment and incident response. According to a letter from the insurance company recently delivered to customers, the firm is cleaning up after a nasty data breach. However, they’re not disclosing the full scale and scope of the breach itself in order to prevent panic, a Nationwide Mutual spokesperson has stated.
In a letter sent to clients, confirmed by state officials in California and Georgia, it was disclosed that on October 3, 2012, a portion of the computer network used by Nationwide and Allied Insurance agents was successfully compromised by an outside source. The attack was discovered that day, and the company’s incident response plans were placed into action.
On October 16 (thirteen days later), Nationwide ascertained that the attacker had stolen data from the network, and then on November 2 (seventeen days later) they stolen information was confirmed by the company. In statements to the press and various local media, Nationwide has not explained the gap in their investigation – nor have they explained why the security incident was disclosed 33-days after the fact.
“Although we are still investigating the incident, our initial analysis has indicated that the compromised information included your name and [Social Security number, driver’s license number, date of birth] and possibly your marital status, gender, and occupation, and the name and address of your employer. At this time, we have no evidence that any medical information or credit card account information was stolen in the attack,” a notice to Nationwide customers explains.
Nationwide will not say how many customers were impacted by the breach, but at least 28,000 customers in Georgia were expected to get a letter. This is important to note, because that total comes from Georgia’s state Insurance Commissioner’s office – and likely represents the grand total of Nationwide’s clients and applicants in the state.
Elizabeth Christopher Giannetti, a Nationwide Mutual spokesperson, told The Atlanta Journal-Constitution that only affected customers are being notified by the company. She declined to comment on the scope of the breach, saying that the company wished to avoid alarming customers who were not affected.
Since the breach impacts customers and those who applied to be customers, the total number of impacted customers is expected to be massive. The company is offering a year of credit monitoring and protection to those impacted by the breach.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
