Data breach at Bankers Life under investigation by state insurance department

CNO Financial

The Indiana Department of Insurance is investigating a recent data breach suffered by Bankers Life and Casualty Co., a division of Carmel-based insurance holding company CNO Financial Group Inc.

Bankers Life and Casualty Co. disclosed late last week that it was hit by a data breach between May 30 and Sept. 13, and the hackers were able to gain extensive personal information for a “limited group” of customers.

That information included Social Security numbers, driver’s license or state identification card numbers, bank account numbers, medication information, diagnoses and treatment plan information, the company said.

Chicago-based Bankers Life sells financial products to middle-income clients, including Medicare supplement insurance, supplemental health insurance, life insurance, long-term care insurance and annuities. It is CNO Financial's largest division, with $1.2 billion in client assets.

Bankers Life declined to disclose to IBJ details of how the outsiders gained access to employee information, nor would it disclose the number of customers whose personal information was accessed.

The Indiana Department of Insurance acknowledged an investigation, but declined further comment.

"The Department is aware of the data breach that was disclosed and cannot comment on an ongoing investigation," Deputy Commissioner Jenifer Groth said in an email.

In a statement released late last week, Bankers Life said that “unauthorized third parties” gained access to a limited number of Bankers Life employees’ credentials between May 30 and Sept. 13. During this period, the company said, “unauthorized third parties used improperly obtained employee information to gain access to certain company websites, potentially resulting in unauthorized access to personal information of policyholders and applicants.”

In addition to the group whose data was accessed, Bankers Life said, a larger group of its customers may have had their information exposed; including names, addresses, birth dates, the last four digits of Social Security numbers and insurance information such as policy numbers, types of insurance, premiums, dates of service and claims amounts.

The company said it learned about the breach on Aug. 7. In response, it hired an external forensics investigator and “took steps to further restrict and monitor access to systems and enhance its security procedures.”

On Thursday, the company said, it notified certain customers about the issue, including people who hold Medicare supplement policies through Colonial Penn Life Insurance Co., another CNO Financial unit. Those customers will receive free identity repair and credit monitoring services from the firm ID Experts. 

The company said it refrained from announcing the breach earlier because federal investigators advised that this could hurt their investigation.

The Indiana Department of Insurance said consumers concerned about cybersecurity can get more information here.
 

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: IBJ is now using a new comment system. Your Disqus account will no longer work on the IBJ site. Instead, you can leave a comment on stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Past comments are not currently showing up on stories, but they will be added in the coming weeks. Please note our updated comment policy that will govern how comments are moderated.