Delaware impacted by recent data breach of third-party vendor

DOVER, Del. – The Delaware Department of Insurance is alerting Delawareans of a recent data breach.

On June 16th, PBI Research Services, a third-party vendor for Genworth Financial, disclosed a data breach that impacted the personal information of an estimated 2.5 to 2.7 million people, including roughly 8,000 Delaware residents. At this time, the company has reportedly indicated that the potentially compromised information may include agents, policyholders, and beneficiaries’ data including names, contact information, dates of birth, social security numbers, and policy numbers.

This event has triggered the Delaware Insurance Data Security Act, which, in addition to proactive data security measures and other requirements, mandates that the following now take place:

• Investigation of a cybersecurity event and correction of compromised information systems
• Detailed reporting to the Insurance Commissioner
• Notification to consumers within 60 days, except in cases where federal law or law enforcement agencies require or request modified timelines
• Consumers must be provided credit monitoring services at no cost for a period of at least one year in addition to receiving information regarding freezing one’s credit

This incident was part of a significant cybersecurity attack involving the MOVEit file transfer system, which the breach likely occurring around May 29th and 30th before a corrective action was implemented on May 31st. The department has not been notified of additional insurer or insured information being accessed as part of the breach.