Major Data Breach Strikes Fidelity & Guaranty Life Insurance Company

  • Data Breach at F&G: Approximately 873,000 individuals were affected by a security breach at Fidelity & Guaranty Life Insurance Company, traced back to a vulnerability in MOVEit Transfer software by Progress Software.
  • Preventative Measures Offered: While no identity theft or fraud has been reported in relation to the breach, PBI is providing affected individuals with 12 months of complimentary credit monitoring and identity restoration services via Kroll.

A major data breach has compromised the personal information of approximately 873,000 individuals associated with Fidelity & Guaranty Life Insurance Company (F&G). The breach, which occurred between May 29 and May 30, 2023, was disclosed to the firm on June 20.

Progressive MoveIt

The breach is linked to a vulnerability in the MOVEit Transfer software provided by Progress Software. Pension Benefit Information, LLC (PBI), a service provider that uses MOVEit software to securely transfer files, reported unauthorized access to their MOVEit Transfer servers during the time of the breach.

The compromised data includes names and Social Security Numbers. Marek Olearnik, AVP and Sr. Counsel Operations of F&G, highlighted that while there is no indication of identity theft or fraud related to the breach, they are taking serious steps to address it.

PBI’s investigation into the incident revealed that unauthorized third parties had exploited the MOVEit software vulnerability. In a statement, PBI mentioned, “Upon learning about this vulnerability, we promptly took steps to patch servers, investigate, assess the security of our systems, and notify potentially affected customers and individuals associated with those customers.”

As a preventive measure and gesture of goodwill, PBI is offering 12 months of complimentary credit monitoring and identity restoration services through Kroll for affected individuals.

Both PBI and F&G encourage affected parties to remain vigilant against identity theft and fraud. As a further precaution, they have enclosed guidelines and suggestions on how to monitor and safeguard their personal information.

While the cause of the breach has been identified and rectified, it brings into sharp focus the importance of constantly monitoring and updating third-party software applications, especially those responsible for handling sensitive personal data.