The Delaware Government released a statement explaining that a data breach of Genworth Financial’s third-party vendor resulted in a data breach that affected “an estimated 2.5-2.7 million individuals.”
The breach took place as part of a significant cybersecurity attack on the MOVEit file transfer system. The attack, likely happening between May 29-30, was addressed by a corrective action taken on June 2. At this time, there is no information on additional breaches that may have occurred.
“At this time, the company has indicated that the potentially compromised information may include agents, policyholders, and beneficiaries’ data including names, contact information, dates of birth, social security numbers, and policy numbers,” the state said. “The consequences of this breach are serious. Beneficiaries may not be aware of policies that contain their information, particularly concerning life insurance benefits.”
Insurance Commissioner Trinidad Navarro responded decisively to the situation and assured customers that the breach was already being investigated and urged consumers to protect their identities.
“I take any breach of personal information very seriously and encourage consumers affected to utilize the identity and credit protection services offered. Our Market Conduct staff, likely alongside investigators across the country, will work to investigate the situation and assess if appropriate safeguards were in place for the handling of data.”
The data breach has also triggered a response in accordance with Delaware’s Insurance Data Security Act, including requiring the company to notify users within 60 days if their data has been compromised. Users also get a complementary free year of credit monitoring and information on credit freezing.
They also have to provide a detailed report of the incident to the Insurance Commissioner. Regular updates regarding the breach can be checked at Genworth.com/MOVEit, and consumers are encouraged to consider freezing their credit report as a preventive measure.