On August 3, 2023, Unum Group’s subsidiary Starmount Life Insurance Company, Inc. (”Starmount”) posted a notice of data breach on its website after discovering that the company’s MOVEit server was accessed by an unauthorized party. In this notice, Unum explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, addresses, Social Security numbers, medical information, health insurance claim information and policy information. Upon completing its investigation, Unum began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Unum Group or Starmount Life Insurance Company, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the MOVEit / Unum Group data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Unum Group Customers?
The data breach affecting Unum Group customers was only recently announced, and more information is expected in the near future. However, Unum’s post on the Starmount website provides some important information on what led up to the breach. According to this source, on June 1, 2023, Unum identified suspicious activity within its MOVEit Transfer application. In response, Unum took its MOVEit server offline, notified law enforcement, installed all available patches to eliminate the possibility of future access, and then launched an investigation into the incident.
On June 4, 2023, the Unum investigation confirmed that between May 31, 2023 and June 1, 2023, an unauthorized party exploited the MOVEit vulnerability, copying data from its MOVEit server. It was later determined that some of the data that was accessible to the unauthorized party consisted of confidential information belonging to Unum customers.
After learning that sensitive consumer data was accessible to an unauthorized party, Unum Group reviewed the compromised files to determine what information was leaked and which consumers were impacted. This process was completed on July 22, 2023. While the breached information varies depending on the individual, it may include your name, date of birth, address, Social Security number, medical, health insurance claim, and policy information. Unum notes that a limited number of financial account information and other types of government-issued identification numbers were also affected by the recent breach.
On August 3, 2023, Unum Group sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Unum Group
Unum Group is an insurance company based in Chattanooga, Tennessee. Unum Group is the largest disability insurer in the United States, based on the number of policies written. Unum Group and its subsidiaries also offer other insurance products, including accident, critical illness and life insurance. Unum Group employs more than 10,000 people and generates approximately $12 billion in annual revenue.
