Pan-American Life Insurance Group Hit by Data Breach

Pan-American Life Insurance Group (PALIG), a leading provider of life, accident, and health insurance throughout the Americas, recently announced that it was impacted by a widespread data security incident involving Progress Software’s MOVEit Transfer software. This incident highlights the growing threat of cyberattacks and the importance of taking steps to protect personal information.

What Happened?

In July 2023, Progress Software announced a critical, zero-day vulnerability in its MOVEit Transfer software. Hackers took advantage of this vulnerability to gain access to data from several organizations, including PALIG.

PALIG immediately took action to disable MOVEit Transfer and deployed security patches. However, the investigation revealed that an unauthorized third party had already gained access to the personal information of individuals, including names, addresses, social security numbers, dates of birth, driver’s license numbers, contact information, medical information, subscriber numbers, certain biometric data, and financial account and credit card information.

What is the potential impact?

While there is no evidence that any information has been misused so far, attackers could use the stolen data in a variety of ways, including:

• Medical identity theft: Hackers could use stolen medical information to submit forged claims to Medicare and other health insurers.
• Identity theft: Hackers could use stolen personal information to open new credit accounts, make unauthorized purchases, or obtain loans under false pretenses.
• Phishing attacks: Hackers could use stolen contact information to launch phishing attacks, tricking individuals into revealing sensitive information.

What is PALIG doing to respond?

PALIG is taking the following steps to respond to the incident:

• Notifying affected individuals by mail and offering them additional services.
• Working with law enforcement to investigate the incident.
• Reviewing its cybersecurity posture and taking steps to further secure its systems.
• Continuing to evaluate the security of third-party software.

What can you do?

If you are a PALIG customer, please review the notification you receive and take the following steps to protect your information:

• Be aware of the potential risks of identity theft and phishing attacks.
• Monitor your credit reports and bank statements for any suspicious activity.
• Consider placing a fraud alert or credit freeze on your credit reports.
• Change your passwords for online accounts, especially those that contain sensitive information.