/

Unum Data Breach: What & How It Happened?

Unum Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In June 2023, Unum Group encountered a cybersecurity incident involving one of its subsidiaries. The incident led to unauthorized access to certain company systems, compromising sensitive information. An investigation was conducted, and notifications were sent out in August 2023. Subsequently, a lawsuit was filed against the company, alleging inadequate protection of personal data and regulatory violations.

How many accounts were compromised?

The breach affected data related to approximately 532,000 individuals.

What data was leaked?

The data exposed in the breach included names, dates of birth, addresses, Social Security numbers, medical information, health insurance claim information, and policy information.

How was Unum hacked?

The unauthorized party exploited a zero-day vulnerability in Starmount Life Insurance Company's MOVEit server, gaining access to sensitive customer information. The specific hacking methods remain unclear, but the breach was attributed to the Clop group.

Unum's solution

In response to the hack, Unum Group took several measures to address the situation and prevent future incidents. They took their MOVEit server offline, notified law enforcement, installed patches to prevent future unauthorized access, and launched an investigation. While the specific enhanced security measures remain unclear, Unum Group also sent out data breach notification letters to affected individuals, advising them on the necessary steps to protect themselves from potential fraud or identity theft.

How do I know if I was affected?

Unum Group has notified individuals believed to be affected by the breach. If you're a customer of Unum or Starmount Life Insurance Company and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for all accounts, especially those containing sensitive information. Ensure that the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts whenever possible. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep a close eye on your accounts for any suspicious activity. Report any unauthorized transactions or changes to your account information immediately.

For more specific help and instructions related to Unum's data breach, please contact Unum's support directly.

Where can I go to learn more?

If you want to find more information on the Unum data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

Unum Data Breach: What & How It Happened?

Unum Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In June 2023, Unum Group encountered a cybersecurity incident involving one of its subsidiaries. The incident led to unauthorized access to certain company systems, compromising sensitive information. An investigation was conducted, and notifications were sent out in August 2023. Subsequently, a lawsuit was filed against the company, alleging inadequate protection of personal data and regulatory violations.

How many accounts were compromised?

The breach affected data related to approximately 532,000 individuals.

What data was leaked?

The data exposed in the breach included names, dates of birth, addresses, Social Security numbers, medical information, health insurance claim information, and policy information.

How was Unum hacked?

The unauthorized party exploited a zero-day vulnerability in Starmount Life Insurance Company's MOVEit server, gaining access to sensitive customer information. The specific hacking methods remain unclear, but the breach was attributed to the Clop group.

Unum's solution

In response to the hack, Unum Group took several measures to address the situation and prevent future incidents. They took their MOVEit server offline, notified law enforcement, installed patches to prevent future unauthorized access, and launched an investigation. While the specific enhanced security measures remain unclear, Unum Group also sent out data breach notification letters to affected individuals, advising them on the necessary steps to protect themselves from potential fraud or identity theft.

How do I know if I was affected?

Unum Group has notified individuals believed to be affected by the breach. If you're a customer of Unum or Starmount Life Insurance Company and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for all accounts, especially those containing sensitive information. Ensure that the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts whenever possible. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep a close eye on your accounts for any suspicious activity. Report any unauthorized transactions or changes to your account information immediately.

For more specific help and instructions related to Unum's data breach, please contact Unum's support directly.

Where can I go to learn more?

If you want to find more information on the Unum data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Unum Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In June 2023, Unum Group encountered a cybersecurity incident involving one of its subsidiaries. The incident led to unauthorized access to certain company systems, compromising sensitive information. An investigation was conducted, and notifications were sent out in August 2023. Subsequently, a lawsuit was filed against the company, alleging inadequate protection of personal data and regulatory violations.

How many accounts were compromised?

The breach affected data related to approximately 532,000 individuals.

What data was leaked?

The data exposed in the breach included names, dates of birth, addresses, Social Security numbers, medical information, health insurance claim information, and policy information.

How was Unum hacked?

The unauthorized party exploited a zero-day vulnerability in Starmount Life Insurance Company's MOVEit server, gaining access to sensitive customer information. The specific hacking methods remain unclear, but the breach was attributed to the Clop group.

Unum's solution

In response to the hack, Unum Group took several measures to address the situation and prevent future incidents. They took their MOVEit server offline, notified law enforcement, installed patches to prevent future unauthorized access, and launched an investigation. While the specific enhanced security measures remain unclear, Unum Group also sent out data breach notification letters to affected individuals, advising them on the necessary steps to protect themselves from potential fraud or identity theft.

How do I know if I was affected?

Unum Group has notified individuals believed to be affected by the breach. If you're a customer of Unum or Starmount Life Insurance Company and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for all accounts, especially those containing sensitive information. Ensure that the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts whenever possible. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep a close eye on your accounts for any suspicious activity. Report any unauthorized transactions or changes to your account information immediately.

For more specific help and instructions related to Unum's data breach, please contact Unum's support directly.

Where can I go to learn more?

If you want to find more information on the Unum data breach, check out the following news articles: