What information was exposed during the cyberattack?
New York Life Insurance Company has fallen victim to a major data breach, exposing the personal information of thousands of its customers.
The breach, attributed to a cyberattack on the MOVEit file transfer program, has impacted an estimated 40 million individuals, including clients of the insurance giant.
The breach occurred between May 29 and May 30 and targeted New York Life’s third-party vendor, Pension Benefit Information (PBI). It compromised sensitive data, including Social Security numbers.
The attackers, believed to be associated with the Russian group Clop, exploited a security vulnerability in the MOVEit transfer system to carry out the breach.
The breach was discovered by New York Life on June 6, 2023, leading to a swift response to mitigate potential damages.
The company’s notification to the Maine attorney general’s office revealed that 25,685 of its customers were affected by the breach.
How does New York Life respond to the Data breach?
New York Life, one of the world’s largest corporations, has taken steps to protect its clients in the aftermath of the attack.
The company is offering affected customers 12 months of Kroll Identity Monitoring services, coupled with access to Kroll’s team of fraud specialists and licensed investigators.
This move follows the pattern set by other organizations impacted by the breach, which have offered varying durations of identity theft protection to victims.
The repercussions of the MOVEit breach have extended beyond New York Life, enveloping more than 600 institutions worldwide, including prominent entities such as the California Public Employees’ Retirement System (CalPERS), the Tennessee Consolidated Retirement System (TCRS), and TIAA.
Legal actions have ensued, with victims seeking compensation for the exposure of their personal information.
Consumer-rights law firm Hagens Berman has filed five nationwide class-action lawsuits against Progress Software Corporation (PSC), the company behind MOVEit, alleging negligence in safeguarding sensitive personal data.
d

What are the lessons learned from the MOVEit data breach?
The breach has drawn attention to the escalating risks posed by third-party vendors, with PBI being the latest in a series of entities affected by the MOVEit Transfer attacks.
The compromised data, including Social Security numbers, poses a grave threat to affected individuals, as cybercriminals can potentially exploit the information for identity theft.
This can lead to all sorts of problems for the insured people, including insurance issues or even insurance fraud.
The breach has brought to light the importance of robust cybersecurity protocols, regular vulnerability assessments, and close collaboration with third-party vendors to ensure the security of sensitive customer information.
As investigations into the breach continue, affected organizations and individuals are grappling with the consequences of the security lapse, emphasizing the urgency of fortifying defenses against evolving cyber threats.