Posted On January 12, 2023 Consumer Privacy & Data Breaches
January 12, 2023 – OneAmerica Financial Partners, Inc. filed notice of a data breach on January 4, 2023 with the Attorney General of Montana after determining that a phishing attack led to unauthorized access to confidential consumer information. According to the filing, the consumer information accessed consisted of names, account numbers, Social Security numbers, credit and debit card numbers, and driver’s license numbers. After confirmation of the breach, OneAmerica sent notification letters to all individuals affected by the data breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the data breach at OneAmerica Financial Partners, Inc. Let us help you figure out your next step with a free consultation and information about how you can protect yourself and whether you can pursue a data breach lawsuit against OneAmerica for financial damages caused by the breach.
OneAmerica Financial Partners, Inc. is a financial and insurance services company that provides insurance policies such as disability, long-term care, and life. They offer their services through subsidiaries, including OneAmerica Securities, Inc., McCready and Keene Inc., State Life Insurance Company, Pioneer Mutual Life Insurance Company, AUL Reinsurance Management Services, LLC, and OneAmerica Retirement Services, LLC. Originally founded in 1877 in Indianapolis, Indiana, OneAmerica now generates approximately $1.9 billion in revenue annually and employs over 2,300 people.
According to the filing with the Montana Attorney General, on July 15, 2022, OneAmerica learned that a company email account had been sending phishing emails. With the help of a cybersecurity company, OneAmerica launched an investigation into the attack to determine what information, if any, had been leaked.
OneAmerica’s investigation confirmed that an attack originated from a company email account. Once the hackers gained access to one email account, they sent phishing emails to other accounts. The information leaked was not in the computer network but within the compromised email account.
OneAmerica reviewed the files and determined that the information leaked was consumers’ names, account numbers, Social Security numbers, credit and debit card numbers, and driver’s license numbers, though the information may vary by individual.
On January 4, 2023, OneAmerica Financial Partners, Inc. sent data breach notification letters to individuals whose confidential information had been compromised.
After a data breach, a company could be held financially liable for victims’ damages. Any company, like OneAmerica, that stores consumer data has a responsibility to ensure the security of that data. There’s nothing you, as a consumer, can do to prevent an attack, so you trusted OneAmerica to do it for you.
However, just because there was a breach does not automatically mean that OneAmerica is responsible for it. Only if the company is considered negligent can a data breach lawsuit be pursued against them.
In the case of a phishing attack, there are a few different ways that a company could have been negligent in ensuring the security of sensitive information.
These are just some examples of negligence by companies. There are others that go beyond phishing attacks and may leave companies open to other forms of cyber attacks.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the OneAmerica Financial Partners, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent out to affected individuals:
Dear [Redacted],
We are writing to inform you of a security incident involving the unauthorized access of a user’s email account that may have affected the privacy of some of your personal information. We want you to understand what happened and the steps we have taken to address this issue.
Although we have no reason to believe that any access to or misuse of this information has occurred or will occur, we have set forth additional steps that can be taken to help protect your personal information. We have also included in this letter instructions on how to activate complimentary identity monitoring services.
What Happened
On July 15, 2022, OneAmerica learned that phishing messages were being sent from a user’s OneAmerica email account.
Upon discovery, OneAmerica immediately launched a comprehensive investigation to determine the cause and scope of the incident and retained leading cybersecurity experts to assist with its investigation. OneAmerica also immediately secured the impacted email account, took steps to track and confirm the permanent deletion of any suspected phishing emails, and forced password resets for OneAmerica internal and external users.
OneAmerica determined that the user’s email account had been compromised by a phishing message from an external sender that was subsequently leveraged by an unauthorized third-party to send messages to other recipients.
The unauthorized third-party did not gain access to any of OneAmerica’s systems.
Although there is no evidence that personal information was accessed, OneAmerica undertook an extensive analysis of the affected user’s mailbox to determine what data could have been affected, and, in the abundance of caution, thereafter manually searched for addresses across multiple databases in order to identify, locate, and notify those whose information could have been affected. On December 5, 2022, the Company identified an extremely limited number of individuals whose information was in the affected user’s mailbox.
What Information Was Involved
Based on the investigation, we identified some of your personal information in the user’s mailbox, including the following data elements: [Redacted].
What We Are Doing
As discussed above, upon learning of the incident, we took swift action in response by securing the impacted user’s mailbox, deleting any suspected phishing emails, forcing password resets for OneAmerica internal and external users, and containing the incident. We also enhanced our cybersecurity by adding additional monitoring and detection tools as safeguards against cyber threats.
Further, while there is no evidence that your information was accessed, in the abundance of caution we have secured the services of Kroll to provide identity monitoring at no cost to you for one year. Kroll is a global leader in risk mitigation and response, with extensive experience helping people who have sustained an unintentional exposure of confidential data.
Your identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
Visit [Redacted] to activate and take advantage of your identity monitoring services.
You have until [Redacted] to activate your identity monitoring services.
Membership Number: [Redacted]
For more information about Kroll and your Identity Monitoring services, you can visit [Redacted]. Additional information describing your services is included with this letter.