Sun Life, one of Canada’s leading insurance providers, says that the personal data of some of its customers in the US has been compromised after one of its vendors was affected by a global cyberattack in June.
While Sun Life US does not use MOVEit, the file transfer software targeted in the attack, one of its vendors, Pension Benefit Information (PBI), said some members’ personal information was accessed by unauthorized authorized third party during the incident.
Sun Life says it shares some information with PBI to support business operations such as payment of life insurance and related benefits in a timely manner.
Additionally, PBI uses MOVEit to transfer files within and between parties.
Hackers were able to access information such as the name, Social Security Number, policy and account number, and/or date of birth of some members and account holders.
However, no financial information such as account amounts or medical claims have been disclosed, according to a statement from Sun Life US
The company assured its members that it takes information security “very seriously” and that it is conducting an investigation with PBI.
HOW DO I KNOW IF I AM AFFECTED?
At this time, there is no indication of identity theft or fraud involved in the incident.
In response to the data breach, Sun Life said they are “working with PBI to confirm the member data involved,” and will notify members accordingly.
They will also provide credit monitoring and identity protection services.
Sun Life added that members are encouraged to personally monitor their accounts and credit history for “signs of unauthorized activity,” and to change their account passwords — even if the latter is not be exposed to the breach.
The company also recommends customers place credit card freezes or fraud alerts with credit bureaus such as Equifax, Experian and TransUnion for an extra layer of protection against misuse of personal information.