1.1 million US consumers affected as insurance companies breached
The US insurance company Nationwide Mutual has revealed that its network, which it shares with Allied Insurance, was attacked on 3 October and that the attackers stole personal information from their network. Nationwide is one of the biggest insurance and financial services in the world. Although Nationwide does not give numbers of people affected, the Washington Post estimates that 1.1 million people's information has been compromised.
The information stolen includes names, birth dates, US social security numbers, and drivers licence numbers for customers and people who had contacted the company looking for a quotation for insurance. Other information may have included marital status, gender and work-related information such as company. Nationwide says it is sending letters to anyone it believes has been affected by the breach and is offering them free credit and identity theft monitoring through Equifax for a year. It adds that it is not aware of any case of the information involved being misused.
Law enforcement agencies, both local and federal, are investigating the breach, but the near one month delay between the detection of the breach and the disclosure to the public, which began on 2 November, could raise questions about disclosure requirements. According to a report in VentureBeat the company suspects the attack came from outside the United States, but does not explain the reason for this suspicion.