Corebridge Financial, reports MOVEit related data breach, exposing SSNs

Corebridge Financial, Inc., a financial services company headquartered in Houston, Texas, reported a data breach that occurred due to a critical vulnerability in the MOVEit file transfer program used by the company. The data breach was brought to Corebridge's attention on June 16, 2023, when one of its third-party vendors reported the presence of the critical vulnerability in the MOVEit application.

Corebridge states that its core information systems and operations remained unaffected, as the unauthorized access was limited to the data stored specifically within the MOVEit server.

The breach allowed an unauthorized party to gain access to sensitive consumer information, including

• names,
• Social Security numbers,
• policy numbers.

The exact number of individuals affected by the data breach is yet to be disclosed.

Corebridge Financial took immediate action to send out data breach notification letters to all individuals whose information had been impacted by the incident.

These notification letters aimed to inform the affected consumers about the breach, the data accessed by the unauthorized party, and any potential risks associated with the exposed information.