Mar 28, 2024

New York Life Repeatedly Affected by the MOVEit Data Breach


On October 23, 2023, Andesa Services (Andesa) filed a notice of data breach with the Attorney General of Maine on behalf of New York Life Insurance Company (NYLIC). The notice confirmed that the MOVEit vulnerability impacted more than 30,000 New York Life policyholders. The notice also states that the incident resulted in an unauthorized party gaining access to policyholders' sensitive information, which includes their names and Social Security numbers.


As mentioned, the breach happened through one of NYLIC's third-party vendors, Andesa. The insurance company first learned of the MOVEit breach in May and immediately jumped into action by applying all available patches and taking the necessary steps to mitigate any potential unauthorized access. Andesa also investigated the incident with the help of third-party data security specialists. The investigation confirmed that an unauthorized actor was able to access its MOVEit server between May 30, 2023, and May 31, 2023. 


After learning that sensitive consumer data was accessible to an unauthorized party, Andesa reviewed the compromised files to determine what information was leaked and which consumers were impacted. As mentioned, the leaked information included policyholders' names and Social Security numbers. According to the Office of the Maine Attorney General, more than 30,000 people were affected by the breach.


On October 23, 2023, Andesa sent out data breach letters to those who were affected by the recent data security incident. The letters provided victims with a list of what information belonging to them was compromised. Although the company says it has no evidence to suggest the accessed information has been misused, out of an abundance of caution it is offering affected individuals access to free credit monitoring and identity theft protection services provided by Experian.


New York Life Was Affected by the MOVEit Breach in August

Before the Andesa data breach notice earlier this year, NYLIC suffered another breach related to the MOVEit Transfer breach. In August, Pension Benefit Information (PBI), another third-party service provider for the New York insurance company, reported the exposure of "NYLIC-related data" due to the MOVEit Transfer breach. According to PBI's letter to the Maine Attorney General, the attack exposed roughly 25,685 NYLIC-related individuals' Social Security numbers.


Since June, the Russia-linked Cl0p ransomware gang has impacted over 2,500 organizations and over 66 million people through the MOVEit Transfer attacks, and new victims continue to come forward.

New York Life Insurance Company is the third-largest life insurance company and the largest mutual life insurance company in the United States. NYLIC provides insurance, investment, and retirement solutions to help individuals achieve financial security. New York Life Insurance Company employs more than 15,050 people and generates approximately $58.5 billion in annual revenue.


For more information on the MOVEit data breach, you can read more here. If you believe you are one of the victims affected by the New York Life breach or by a breach at any of the other companies affected by the MOVEit data breach, we may be able to help you. At Morgan & Morgan, our attorneys understand how complex the process of ensuring your information is safe can be after you've been involved in a data breach. For over 30 years, we've helped thousands of our clients get the justice they deserve after a company mishandled their private information, and we want to help you, too.


To learn more, contact one of our attorneys by completing our free, no-obligation case evaluation form today.