Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

At Least 28,000 Affected In Breach At Nationwide Insurance

Nationwide may not be on your side, at least when it comes to press containment and incident response. According to a letter from the insurance company recently delivered to customers, the firm is cleaning up after a nasty data breach. However, they’re not disclosing the full scale and scope of the breach itself in order to prevent panic, a Nationwide Mutual spokesperson has stated.

Nationwide may not be on your side, at least when it comes to press containment and incident response. According to a letter from the insurance company recently delivered to customers, the firm is cleaning up after a nasty data breach. However, they’re not disclosing the full scale and scope of the breach itself in order to prevent panic, a Nationwide Mutual spokesperson has stated.

In a letter sent to clients, confirmed by state officials in California and Georgia, it was disclosed that on October 3, 2012, a portion of the computer network used by Nationwide and Allied Insurance agents was successfully compromised by an outside source. The attack was discovered that day, and the company’s incident response plans were placed into action.

On October 16 (thirteen days later), Nationwide ascertained that the attacker had stolen data from the network, and then on November 2 (seventeen days later) they stolen information was confirmed by the company. In statements to the press and various local media, Nationwide has not explained the gap in their investigation – nor have they explained why the security incident was disclosed 33-days after the fact.

“Although we are still investigating the incident, our initial analysis has indicated that the compromised information included your name and [Social Security number, driver’s license number, date of birth] and possibly your marital status, gender, and occupation, and the name and address of your employer. At this time, we have no evidence that any medical information or credit card account information was stolen in the attack,” a notice to Nationwide customers explains.

Nationwide will not say how many customers were impacted by the breach, but at least 28,000 customers in Georgia were expected to get a letter. This is important to note, because that total comes from Georgia’s state Insurance Commissioner’s office – and likely represents the grand total of Nationwide’s clients and applicants in the state.

Elizabeth Christopher Giannetti, a Nationwide Mutual spokesperson, told The Atlanta Journal-Constitution that only affected customers are being notified by the company. She declined to comment on the scope of the breach, saying that the company wished to avoid alarming customers who were not affected.

Since the breach impacts customers and those who applied to be customers, the total number of impacted customers is expected to be massive. The company is offering a year of credit monitoring and protection to those impacted by the breach.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cloud Security

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.