Symetra Life Insurance Co reported that customer information may have been exposed following the detection of unusual activity on a customer portal over a six-month period.
The company notified the Massachusetts Attorney General's Office this month, explaining that it observed unusual account activity between April 12 and September 10.
Symetra stated in a letter to policyholders, shared by the state, that it "promptly began an investigation into the scope and nature of the event, including retaining third-party forensics firms to assist with the investigation" and took measures to prevent further access.
Through the investigation, Symetra concluded that "an unauthorized third party used personally identifiable information obtained outside of Symetra” to log into affected customers’ accounts.
The incident affected 36 customer accounts, including four in Massachusetts, triggering the notification requirement there. Symetra confirmed in a report from AM Best that those customers have been notified, their accounts secured, and that "Symetra's internal systems were not breached as a part of this incident."
According to Symetra, the information potentially accessed included customer names, mailing and email addresses, dates of birth, account numbers, and beneficiary details. In response to the incident, the company enhanced the security of its customer portal, and the third-party forensics firm will conduct a further assessment of Symetra’s system security.
Additionally, Symetra said that it is offering affected customers two years of free credit monitoring and identity theft protection.
Read More: What's the new frontline for cyberattacks?
The disclosure places Symetra among a growing number of insurers reporting unauthorized cyber activity. Landmark Admin suffered a cyberattack in May, followed by a second incident during a forensic investigation in June.
According to a data breach notice filed with the Maine Office of the Attorney General, more than 806,000 individuals were impacted. Landmark provides third-party administrative services for life and annuity insurers, including Liberty Bankers Insurance Group and its subsidiaries.
What are your thoughts on this story? Please feel free to share your comments below.
