Hackers stole personal data of over 100,000 United of Omaha's insurance customers

Omaha, Nebraska-based financial services and insurance company United of Omaha Life Insurance Company said that the data security incident it suffered earlier this year compromised the sensitive personal information of more than 100,000 individuals.

 

In a data breach notice filed with the Attorney General of Massachusetts, United of Omaha said that on April 23, it detected unusual activity in an employee’s email account. The company immediately launched an investigation, with assistance from external cyber security experts, and identified unauthorised access by a third party.

 

The insurance company said hackers gained unauthorised access to the email account through a phishing campaign targeting its employees.

 

“The investigation determined that the unauthorised third party had access to the employee email account between April 21, 2024 and April 23, 2024. Following a thorough review of the email account, on June 28, 2024 United of Omaha discovered that the unauthorised party may have accessed sensitive information,” it said.

 

The compromised data included customers’ full names, addresses, dates of birth, driver’s license numbers, health insurance policy numbers, social security numbers, employment information, and limited health information.

 

A filing with the U.S. Department of Health and Human Services Office for Civil Rights states that at least 107,894 individuals were impacted by the incident.

 

United of Omaha said it took several steps to avoid similar incidents in the future, such as changing the employee’s Microsoft account passwords to prevent further access to the email account and re-training all employees on how to identify and report phishing campaigns.

 

The insurance provider has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered two years of complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals.