The insurer has announced a network attack that has compromised data from 1.1 million people.
Nationwide Mutual Insurance Co. has just revealed that back in October, someone hacked into a part of their computer network, making insurance news when the data of over 1.1 million people was breached.
The attack occurred on October 3 and involved the same network that is used by Allied.
It has now discovered that this insurance news involves a breach that has compromised personal data from customers which can include names, birth dates, driver’s license and Social Security numbers from both customers and people who had received quotes for coverage. It may also include the occupation, gender, and marital status of those individuals, and might involve the names and addresses of their employers, as well.
The insurance news doesn’t yet involve any evidence of misuse of the information that was compromised.
The insurer also indicated that this insurance news has not indicated that any credit card account information or medical data has been accessed.
Nationwide has announced that in light of the security breach, it will be issuing letters to the affected individuals in order to inform them of the breach and to offer them free identity theft protection and credit monitoring for a year.
The letter from the insurer states that “We discovered the attack that day, and took immediate steps to contain the intrusion. We believe that we successfully contained the attack through our responsive actions.” It also provided the recipients with an FAQ sheet to provide them with additional information. In it, it was suggested that the company believes that the hackers responsible for the breach are from outside the United States.
What is also making insurance news is that the investigation into the breach did not begin until October 16. It wasn’t until November 2 that the insurer discovered that there was information that had actually been breached and learned the names of the customers who had been identified. Until that point, they knew only that there had been a hack, not necessarily that customer and other private data had been involved. This case is now in the hands of law enforcement.