Washington D.C. (May 31, 2019) – On April 1, 2019, an unauthorized external user was able to access the company email account of an employee of The Union Labor Life Insurance Company (the “Company”), a Ullico Inc. subsidiary, before the Company detected the unauthorized access and disabled the affected account shortly after the intrusion.
The employee opened a link in an email from a trusted, external business partner that included a login to what appeared to be a legitimate file sharing site. The link was in fact fraudulent and requested the recipient to enter the user’s login credentials, thereby allowing access to the user’s email account and any sensitive confidential information contained in that account.
What information was exposed?
The types of personal information accessible in the account may have included name, address, date of birth, social security number, and personal health information of individuals and their family members. This information was in the possession of the Company in connection with the Company’s group life and medical stop loss insurance products.
How did the Company respond?
The Company’s Information Technology department disabled the affected email account within 90 minutes of the unauthorized access, sequestered the employee’s computer from the company network, and took steps to prevent the further spread of the malicious email message. A forensic review of the email account’s inbox and archived folders identified emails and attachments that contained confidential personal information of approximately 87,400 individuals.
The Company is actively working to ensure that all affected individuals are notified and all required reporting to state and federal regulators is completed. The Company has no evidence indicating that any sensitive confidential information contained in the email account was in fact accessed or that any of the individuals are likely to encounter future identity security problems. However, the Company will offer 24 months of free credit monitoring and identity theft protection services to individuals whose sensitive confidential information may have been exposed. Information about those services and enrollment instructions will be provided in a mailing to all affected individuals.
For more information, contact Ullico’s Legal and Compliance Department.