[BreachExchange] Here's a transaction Transamerica regrets: Transgressors swipe retirees' personal info

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jun 5 19:11:35 EDT 2018


http://www.theregister.co.uk/2018/06/05/transamerica_retirement_plan_hack/


Updated Financial house Transamerica has admitted hackers swiped some of
its customers' sensitive personal information, including social security
numbers.

In a formal notice sent to the California Attorney General's office this
month, the US insurance and investment giant said an "unauthorized" person
was able to get into its systems some time between March 2017 and January
2018, and siphon off the names, addresses, social security numbers, dates
of birth, financial account information, and employment details of people
holding Transamerica Retirement Solutions accounts.

Transamerica boasts of having "more than four million retirement plan
participants."

"Please note that most individual accounts were accessed only once or at
limited points in time during this time frame," Transamerica is telling the
affected customers.

"We found no evidence of a compromise of Transamerica’s network and
systems, but unauthorized parties used compromised third-party user
credentials to log into Transamerica systems and access your account
information."

The Register asked Transamerica exactly how many of its customers were
whacked by the hack, and we have yet to hear back. The biz has not said if
it has any reports of the stolen information being used for fraud.

"We began an investigation as soon as we learned of the incident, engaged a
leading cybersecurity forensics firm, and contacted appropriate law
enforcement," customers were told in a memo from Transamerica.

"We continue to work diligently to minimize the impact of this event and
may take additional steps to enhance the security of your account based on
our investigation."

To remedy the situation, Transamerica says it is flagging up, and
monitoring any accounts that were accessed by the miscreants. The biz is
also offering its customers one year of identity monitoring services, a
fairly standard measure taken by companies in the wake of a major data
breach. Customers will have until August 30 to enroll in the monitoring
service.

In addition to credit monitoring, Transamerica is asking customers to
change their passwords with new, complex logins.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180605/f4208fe0/attachment.html>


More information about the BreachExchange mailing list