Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor
A hooded hacker uses a computer.

Life Health > Running Your Business

Washington National Breach Victim Says Disclosure Was Too Vague

By Allison Bell

X
Your article was successfully shared with the contacts you provided.

A data breach victim is making arguments that could end up shaping life, health and annuity issuers’ breach notification letters.

Jenny Chute is seeking class-action status for a suit against Washington National Insurance Co., a subsidiary of CNO Financial.

The Meredosia, Illinois, resident is one of about 66,000 CNO customers affected by a cyberattack on the company’s systems.

Chute argues in her complaint, which was filed in the U.S. District Court for the Southern District of Indiana, that the Washington National breach notice was too vague.

“This ‘disclosure’ amounts to no real disclosure at all, as it fails to inform, with any degree of specificity, plaintiff and members of the data breach’s critical facts,” according to the complaint.

CNO said it does not comment on ongoing litigation.

What it means: The Chute complaint and similar complaints could start discussions about how to improve breach notice letters.

The breach: The hackers involved in the CNO breach used a cell phone “SIM swapping” strategy.

They started by gathering background information on a CNO executive. They used what they learned to pretend to be CNO tech support team members and get more information from the executive.

The hackers then called the executive’s cell phone provider and tricked the provider into transferring control of the executive’s phone number to a device they controlled. The hackers used the cell phone to break into CNO computers.

CNO told officials in Maine and other states in January that they believe the breach occurred Nov. 28, 2023, and that they discovered the breach Nov. 29, 2023.

The breach may have led to the theft of customers’ Social Security numbers, customers’ names, dates of birth and policy numbers.

The breach notice: Chute said the breach notice letter she received left out the dates of the breach, details about the root cause of the breach, the vulnerabilities exploited and the measures taken to keep the breach from happening again.

The impact: Chute believes she has suffered concrete effects from the breach.

She learned that one of her debit cards was compromised in February, and she seems to be getting more spam calls, spam texts and spam emails, according to the complaint.

Credit: Sergey Nivens/Adobe Stock

Allison Bell

Think_Allison

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.