Unum Group reports data breach related to MOVEit vulnerability

published: Aug. 4, 2023

Learn More

Unum Group and its subsidiary, Starmount Life Insurance Co., disclosed data breach which occurred as a result of unauthorized access to a vulnerable MOVEit MFT server. The breach potentially exposed certain personal information of their customers, particularly those associated with their U.S. dental and vision businesses.

The data that may have been accessed during the cyberattack varies depending on the individual, but it includes critical details such as:

  • names,
  • dates of birth,
  • addresses,
  • Social Security numbers,
  • individual tax identification numbers.
  • medical and health insurance claim data, 
  • policy information

A limited number of individuals had their financial information and other government-issued identification numbers compromised in the breach. The number of affected individuals is not disclosed.

Upon detecting suspicious activity involving their MOVEit Transfer application on June 1, Unum initiated an investigation in collaboration with third-party cybersecurity experts. In response to the breach, the company took action, including taking Moveit Transfer offline, implementing vendor-recommended security measures, notifying law enforcement, and continuously monitoring publicly available information regarding the vulnerability.

The investigation later confirmed that between May 31 and June 1, an unauthorized party had indeed exploited the Moveit security vulnerability to gain access to and copy a subset of sensitive data. However, it wasn't until July 22 that Unum was able to determine the specific nature and extent of the personal information that had been compromised.

Unum is taking steps to notify the individuals who have been identified as affected by this incident, provided that valid mailing addresses are available. Those affected will receive detailed notices, which will include information on how to enroll in free credit monitoring and identity protection services.

Unum Group reports data breach related to MOVEit vulnerability