Data of 300K+ Standard Insurance customers exposed in MOVEit-related NTT DATA attack


The personal details of over 300,000 Standard Insurance customers, held by NTT DATA Americas on PBI Research Services servers, were exposed in the MOVEit Transfer attacks.

NTT DATA Americas has informed impacted individuals, explaining that the attacker gained access to Standard Insurance data which PBI was processing for the company. The breach can be classified as a secondary third-party incident, similar to the Ernst & Young (EY) attack that exposed Bank of America clients.

According to information that NTT DATA Americas’ representatives provided to the Maine Attorney General, 308,072 people had their personal details exposed in the attack. The company claims that malicious actors accessed names or other personal identifiers together with Social Security numbers (SSNs).

Losing SSNs poses significant risks, as impersonators can use the stolen data in tandem with names and driver’s license numbers for identity theft.

Pension Benefit Information (PBI) is a US-based population management solutions provider. The Prudential Insurance Company of America, Wilton Re, a US-based insurer, California Public Employees’ Retirement System (CalPERS), and several others were exposed to the attack via the MOVEit Transfer service that PBI used.

NTT DATA Americas is a subsidiary of NTT DATA, a Japanese multinational IT company with over 139,000 employees and revenues exceeding $30 billion.

Meanwhile, Standard Insurance is a US-based insurance and financial company with revenue reaching nearly $5 billion last year.

Who’s behind the attack?

So far, over 980 organizations and nearly 60 million individuals have been confirmed to be impacted by MOVEit Transfer attacks, claimed by the ransomware gang Cl0p.

Numerous well-known organizations have had their clients exposed in the attack. Recently, TD Ameritrade, a US stockbroker, reported that over 60,000 of its clients were exposed, with Cl0p taking the financial account data of some.

Other named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, Johns Hopkins University and Health System, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.
