Hacker Infiltrates MassMutual Database

MassMutual officials this week confirmed that one of its employee databases was accessed by an unauthorized person or persons, exposing an unknown number of employees’ personal data for a yet-to-be-determined amount of time.

The Springfield, Mass.-based insurer said the compromised database was being maintained by an unidentified, third-party vendor and contained “a limited amount of personal employee data.”

Company officials said all the employees potentially impacted by the hack were notified and will receive free credit monitoring and reporting services for the next few years.

MassMutual spokesman Jim Lacey said that initial investigations by the company suggest that no Social Security numbers, bank accounts or client information was exposed.

“MassMutual can confirm that, despite comprehensive procedures and diligent practices to protect confidential and private data concerning employees at MassMutual and several of its subsidiaries, a limited amount of personal employee information maintained in a database by an outside vendor (engaged by the company) may have been subject to unauthorized access,” Lacey said in a statement.

“However, the vendor engaged a highly respected forensics team to investigate, and at this time we believe that no misuse of the information or fraudulent activity involving the data has occurred,” he added. “The company is also working closely with the vendor to ensure every measure is taken to fully resolve this situation and to better prevent this from happening in the future.”

MassMutual is just the latest insurance giant to fess up to some type of data breach.

Earlier this month, more than 10,000 physicians’ and dentists’ personal data was exposed in New Hampshire after an employee at Anthem Blue Cross and Blue Shield transferred the healthcare providers’ Social Security numbers and other data to a personal laptop that was later stolen.

Anthem spokesman Christopher Dugan said the security breach took place at the national level and the files did not include any patients’ personal data.

In September, more than 33,000 patients receiving care from a Daytona Beach, Fla. medical center were notified that their data may have been compromised when a laptop was stolen from an employee’s car.

News Around the Web