A Nationwide Mutual Insurance data breach that took place on October 3 apparently affected over a million Americans. It seems to have been conducted by an unknown party, potentially from overseas. A portion of the network used by Nationwide Insurance and Allied Insurance was the hacker’s target, which means that not only was Nationwide’s data compromised, but third parties that requested insurance quotes may also have had their data stolen. The company’s analysis of the hack resulted in discovering that customers’ “name, Social Security number, driver’s license number and/or date of birth and possibly marital status, gender, and occupation, and the name and address of their employer” were vulnerable and potentially stolen. The insurance firm claims that there is no evidence that credit card account information was compromised. http://alrt.co/115gZ6q
Takeaway: The data breach occurred in a network used by Allied Insurance; the data may be mined to extract information from other sources, including medical records and web browsing histories, etc. As mentioned in other similar incidents, data security measures need to be implemented in all ingress and egress points across all partners who share such information. Additional protection such as monitoring of access logs also helps identify such thefts much sooners to remediate a further loss of information.