CONSUMER ALERT: Update On Recent Insurer and Third-Party Data Breaches

jake-smith-promo

Thousands of Delawareans – agents, policyholders and beneficiaries – have been impacted by recent data breach reports from insurers. That includes those related to the breach of the MOVEit file transfer services system that is used by third-party vendors. Delaware’s Insurance Commissioner warns that agents, policyholders or beneficiaries should be aware that their personal data may have been compromised. The Delaware Department of Insurance is updating this consumer alert and will be updating the online posting as information is received.

Additional information from the DE Insurance Commissioner:

As shared during a June 26 consumer alert, the MOVEit data breach and other data security events trigger Delaware’s Insurance Data Security Act, which in addition to proactive data security measures and other requirements, mandates the following occur:

  • Investigation of a cybersecurity event and correction of compromised information systems
  • Detailed reporting to the Insurance Commissioner
  • Notification to consumers within 60 days, except in cases where federal law or law enforcement agencies require or request modified timelines
  • Consumers must be provided credit monitoring services at no cost for a period of at least one year in addition to receiving information regarding freezing one’s credit

Insurance Commissioner Trinidad Navarro encouraged consumers to protect their identities and reassured residents that the breach will be investigated thoroughly. “I take any breach of personal information very seriously, and encourage consumers affected to utilize the identity and credit protection services offered. Our Market Conduct staff, likely alongside investigators across the country, will work to investigate the situation and assess if appropriate safeguards were in place for the handling of data.”

The department worked with the General Assembly in 2019 to pass the Insurance Data Security Act and was one of the first states to implement the National Association of Insurance Commissioner’s model law. The law is an effort to fortify security measures and protect consumer data. It requires insurance companies and their vendors to follow certain data protection and breach protocols, including notification. The department may investigate violations of the Act and levy penalties accordingly.

Consumers should consider freezing their credit report due to the incident.

View this alert and any updates on Delaware.gov


bill-o