Sun Life, one of Canada’s leading insurance providers, says the personal data of some of its members has been compromised after one of its vendors was affected by a global cyberattack in June.
While Sun Life does not use MOVEit, the file transfer software that was targeted in the attack, one of its vendors, Pension Benefit Information (PBI), said some members’ personal information was accessed by an unauthorized third party during the incident.
Sun Life says it shares certain information with PBI to support business operations such as paying life insurance and related benefits in a timely manner.
Additionally, PBI uses MOVEit to transfer files internally and between parties.
Hackers were able to access information such as name, Social Security Number, policy and account number, and/or date of birth of some members and account holders.
However, no financial information like account values or medical claims were exposed, according to a notice from Sun Life.
The company assured its members they take information security “very seriously” and are conducting an investigation with PBI.
HOW DO I KNOW IF I WAS AFFECTED?
So far, there are no indications of identity theft or fraud linked to the incident.
In response to the breach of information, Sun Life says they are “working with PBI to confirm the member data involved,” and will notify members accordingly.
They will also provide credit monitoring and identity protection services.
Sun Life adds members are encouraged to personally monitor their accounts and credit history for “signs of unauthorized activity,” and to change their account passwords – even though the latter were not exposed in the breach.
The company also recommends customers place credit card freezes or fraud alerts with credit bureaus such as Equifax, Experian and TransUnion for an additional layer of protection against misuse of personal information.