Sun Life, a prominent insurance provider in Canada, has revealed that the personal information of some of its members has been compromised as a result of a global cyberattack that targeted one of its vendors in June.
Although Sun Life itself does not utilize the file transfer software MOVEit, which was the specific target of the attack, one of its vendors, Pension Benefit Information (PBI), reported that unauthorized third parties accessed personal information of certain members during the incident. Sun Life collaborates with PBI to facilitate business operations, including timely disbursement of life insurance and related benefits.
The hackers were able to access details such as members’ names, Social Security numbers, policy and account numbers, and/or dates of birth. However, Sun Life assured its members that no financial information such as account values or medical claims was exposed, according to an official notice.
Sun Life emphasized its commitment to information security and is currently conducting an investigation in collaboration with PBI. At present, there have been no indications of identity theft or fraud linked to the breach.
In response to the data breach, Sun Life stated that they are working with PBI to determine the extent of the member data involved and will notify affected members accordingly. Additionally, the company will provide credit monitoring and identity protection services.
Sun Life advises its members to personally monitor their accounts and credit history for any signs of unauthorized activity. They also recommend changing account passwords as a precautionary measure, despite the fact that passwords were not exposed in the breach. Furthermore, the company suggests considering credit card freezes or fraud alerts with credit bureaus such as Equifax, Experian, and TransUnion to enhance protection against potential misuse of personal information.