Sun Life third-party breach exposes 212K individuals


Sun Life data was exposed after MOVEit hackers breached Pension Benefit Information (PBI), jeopardizing hundreds of thousands of individuals.

Sun Life, a financial services company managing a trillion dollars worth of assets, informed the Maine Attorney General that a third-party breach had impacted 212,129 individuals.

Earlier this year, the company was impacted by the infamous MOVEit attacks after hackers breached Sun Life’s third-party vendor, PBI. PBI’s hack exposed several companies, including Prudential, New York Life, Colorado State University, CalPERS, and others.

ADVERTISEMENT

According to information Sun Life submitted to the Maine Attorney General, individuals’ Social Security numbers (SSNs) were exposed in the attack.

Losing SSNs poses significant risks, as impersonators can use stolen data with names and driver’s license numbers for identity theft.

Sun Life said that all affected individuals were offered two years of complimentary credit monitoring services.

Sun Life is a Canadian financial services company primarily known for life insurance services. The business employs around 50,000 staff and reported revenue exceeding $17 billion in 2022.

Earlier this year, the Cl0p ransomware cartel exploited a zero-day bug in the MOVEit Transfer software, which allowed attackers to access and download data stored there.

According to researchers at Emsisoft, over 2,500 organizations – mainly in the US – and over 66 million individuals have been impacted by MOVEit attacks by the Russia-linked ransomware cartel.

Taking IBM’s estimate, which puts the cost of an average data breach at $165 per leaked record, the impact of the Cl0p attacks would add up to a staggering $10.7 billion.

ADVERTISEMENT