Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials.
The U.S. mortgage and long term care insurer had revenue of $8,6 billion during the last fiscal year and it reached a deal with China Oceanwide Holdings Group that will allow the Chinese company to buy Genworth for $2.7 billion.
Genworth's services and products are offered through financial advisors, intermediaries, as well as sales specialists and independent distributors.
The data breach was discovered by Genworth on April 20, 2020, after the company detected unauthorized access to some insurance agents' online accounts, providing access to documents containing both personal and financial information.
"We immediately began investigating the series of events that led to the unauthorized access and discovered compromised login credentials for your agent to our online portal where insurance agents and producers manage their policies," the breach notification letters [1, 2, 3] sent by Genworth's Data Security Team explain.
Depending on the accounts that were compromised, the attackers were able to access online documents that contained some of the following information, in various combinations: name, address, age, gender, date of birth, financial information, social security number, and signature.
As a direct result of an ongoing investigation examining the incident, Genworth disabled the compromised user accounts to block future access to sensitive information.
While the company disabled access to the impacted user accounts, it still monitors the accounts and the policies for suspicious behavior.
"At this point, there has been no evidence of further unauthorized activity," Genworth stated.
Genworth also said that it contacted relevant federal authorities to investigate and address the breach incident.
The company offers a one-year subscription of credit monitoring and resolution services with ID Experts to affected individuals as a protection measure against fraud and identity theft.
"Fraudulent actors obtained the login credentials of a limited number of third party insurance agents, which they obtained outside of Genworth," Public Relations Senior Director Julie Westermann told BleepingComputer.
"The perpetrators used these stolen credentials to log on to a website used only by insurance agents to potentially compromise 1,600 individuals’ data that had been submitted on their insurance or annuity applications.
"We were able to verify that Genworth systems/infrastructure were not breached, and the limited data that may have been viewable was limited solely to the policies associated with the agents whose credentials were compromised."
Genworth previously disclosed another data breach during 2014 after federal law enforcement officials notified the company in December 2013 that "Genworth Group Long Term Care (LTC) certificate holders’ information was recovered during a criminal investigation."
Update: Added Genworth statement.