Business

Global Atlantic Financial Group Data Breach

In May 2023, Global Atlantic Financial Group, a large insurance and retirement provider based in New York, suffered a major data breach that compromised the personal information of thousands of its customers. This large-scale incident, now known as the Global Atlantic Financial Group data breach. Exposed sensitive details like Social Security numbers, dates of birth, policy numbers, and states of residence. For both current and former policyholders.

A class action lawsuit has since been filed against the company. Alleging Global Atlantic failed to properly secure customers’ private data and protect them from the financial and privacy risks they now face due to the breach.

 

What Happened in the Global Atlantic Financial Group Data Breach?

According to the class action lawsuit, the Global Atlantic Financial Group data breach occurred in May 2023. When a cyberattack compromised the files of the insurance company’s third-party vendor, Pension Benefit Information (PBI). Hackers were able to infiltrate PBI’s file transfer software called MOVEit between May 29-30. Exposing the personal information of Global Atlantic Financial Group’s current and former customers.

The data breach impacted a huge number of individuals, as the lawsuit states that Social Security numbers, names, dates of birth, policy numbers, and states of residence were all compromised for thousands of Global Atlantic Financial Group policyholders. It’s believed the breach may have affected tens of thousands of customers in total. This was a massive data theft that put a large group of people at risk.

Global Atlantic Financial Group Data Breach

What Type of Information Was Exposed in the Global Atlantic Financial Group Data Breach?

The class action complaint provides extensive details on the specific types of sensitive customer data that were compromised due to the cyberattack. This included full legal names, dates of birth, insurance policy numbers, last known states of residence, and Social Security numbers for all impacted individuals.

Having SSNs leaked can be absolutely devastating for victims. As just having this nine-digit number stolen puts one’s entire identity in jeopardy. With a Social Security number, a criminal can attempt to open new accounts, apply for loans or lines of credit, file fraudulent tax returns, and more. All in the name of the person whose SSN was stolen. Dates of birth and policy numbers exposed additional personal details that could help bad actors impersonate Global Atlantic Financial Group customers for years to come as well.

 

How Did The Data Breach Happen?

The class action lawsuit alleges that Global Atlantic Financial Group failed to exercise reasonable care to protect its customers’ highly sensitive personally identifiable information. It argues the company did not conduct proper security audits and monitoring of its third-party vendors like PBI. To ensure strong data protections were in place.

Had Global Atlantic conducted thorough reviews of PBI’s security practices on a regular basis. It’s possible the vulnerabilities that led to the breach could have been identified and addressed before hackers exploited them.

Additionally, the complaint states that sensitive files containing customers’ personal data, such as names, SSNs, and DOBs, should have been encrypted by the company as an extra precautionary measure. Properly encrypting such important records can prevent data theft even if files are accessed without authorization. The lawsuit claims the company was negligent in failing to implement basic security safeguards, directly resulting in the Global Atlantic Financial Group data breach.

Global Atlantic Financial Group Data Breach

What Are The Risks To Customers After The Global Atlantic Financial Group Data Breach?

With such a vast trove of personally identifiable information compromised. The class action contends Global Atlantic Financial Group customers now face enormous risks of identity fraud and financial theft for many years into the future.

Stolen Social Security numbers, dates of birth, and other personal details can be used by criminals to open fraudulent accounts and commit other acts of identity theft long after a data breach occurs. The effects of a major incident like this may haunt victims for over a decade.

The plaintiff in the lawsuit also reported noticing a significant increase in unsolicited communications. Like spam calls and emails in the aftermath of the breach. Additionally, their credit monitoring service LifeLock informed them their private details had actually been posted. And were circulating on dark web cybercrime forums.

This underscores the very real and ongoing threats Global Atlantic Financial Group policyholders may experience because of this security failure. The risks are severe and long-lasting.

 

What is Being Done About The Breach?

To address the harms caused by the Global Atlantic Financial Group data breach. The insurance giant has offered all impacted individuals two years of complimentary identity monitoring and restoration services through a major credit reporting agency.

However, the class action argues this response is woefully lacking given the scope and severity of the breach. Two years of monitoring will do little to help victims protect themselves from identity theft. That can occur years after a breach.

Through the class action lawsuit, the plaintiff seeks to represent all other Global Atlantic Financial Group customers affected nationwide. If certified as a class action, it aims to achieve some measure of justice and compensation for breach victims. Who must now live with the risks of identity fraud for the rest of their lives due to the company’s negligence.

It also serves as a warning to other large corporations to implement robust data security practices and oversight of vendors. Or face serious legal consequences when failures allow massive data breaches to occur.

Global Atlantic Financial Group Data Breach

Final Thought

The Global Atlantic Financial Group data breach compromised an immense amount of sensitive customer information. And puts hundreds of thousands of policyholders at risk of financial and personal harm for many years to come. The class action process aims to hold the company accountable. And also provide resources to help those impacted by this significant security incident. It also underscores the critical importance of data protection for all organizations collecting people’s private details.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button