Data security incident at Pan-American Life Insurance : Critical vulnerability in MOVEit transfer leads to data exposure
Pan-American Life Insurance Group (PALIG), a key player in the life, accident, and health insurance sector in the Americas, has been affected by a widespread data security incident. This incident involved a critical zero-day vulnerability in Progress Software’s MOVEit Transfer software, which was exploited by unauthorized third parties.
Immediate Response by Pan-American Life Insurance Group to the Vulnerability
Pan-American Life Insurance Group said that it responded swiftly by ceasing the use of MOVEit Transfer and disabling it within their systems. Following the availability of security patches from Progress Software, the life insurance company claimed that it successfully deployed these patches to enhance its cybersecurity measures.
Investigation and Law Enforcement Involvement
Simultaneously, Pan-American Life Insurance Group launched an investigation with the aid of cyber experts and notified law enforcement. The investigation revealed that unauthorized access to files had occurred through the MOVEit Transfer, leading to the potential exposure of sensitive personal information.
Pan-American Life Insurance Group Responds to Data Security Breach Involving MOVEit Transfer Software
Scope of Data Exposure
On October 5, 2023, Pan-American Life Insurance Group identified that the impacted files may have included a range of personal information, including social security numbers, contact details, medical information, and financial data.
Proactive Measures for Affected Individuals
Pan-American Life Insurance Group said that it is taking proactive steps to inform affected individuals and is offering additional services to those whose information was compromised. There is currently no evidence of misuse of this information for fraudulent purposes.
Strengthening Cybersecurity Measures
Pan-American Life Insurance Group added that it is committed to the security of client information and is continuously evaluating and enhancing its cybersecurity posture, particularly concerning third-party software tools.