“Genworth Financial,” the American insurance firm with total assets that surpass a hundred million USD and revenues that go beyond $8.6 billion, has announced a catastrophic data breach on its systems. The company realized the security event on April 20, 2020, when they detected unauthorized access onto its systems. Reportedly, hackers were using compromised insurance agent accounts to access the corporate network and tap into data such as documents containing personal and financial information of clients. After determining which agents had been compromised, Genworth secured the accounts, locked out the infiltrators, and began distributing notices of a data breach to the clients who had been served by these agents.
The data that may have been accessed by the threat actors include the following details:
Not all of the above regard every affected user, as not all database listings are equally rich. However, the type of data that was involved in the incident makes it particularly severe and a great cause for concern. For this reason, the recipients of the notices are advised to take the offer of one year of credit monitoring services with ID Experts, the cost of which will be covered by Genworth. The “typical” credit freeze and credit report monitoring advice are also provided in the notice letters.
The insurance firm hasn’t clarified the number of people who have been affected by this incident. Still, an employee from their public relations told Bleeping Computer that the pool of user details in the accessed platform is 1,600 people. It means that the hackers may have stolen the sensitive details of up to 1,600 clients. Genworth clarified that the incident wasn’t due to a security vulnerability or mistake from their part, as the agent login credentials were stolen from elsewhere. The hackers only accessed a system that is used by insurance agents, so the company’s main network infrastructure hasn’t been compromised.
If you haven’t received Genworth Financial, the chances are that you are not among the affected. Still, if you are worried and want to contact the firm’s data security team, you may reach them out by calling “866 381 2906”.