Over 70 MassMutual clients’ personally identifiable information has been acquired by an unauthorized third party from an insider at the company. According to a letter to the District Attorney of New Hampshire, where one affected client resides:
“On August 3, 2009, MassMutual was advised, verbally and in writing, by Postal Inspector James Morrison of the U.S. Postal Inspection Service ("Service") that during the course of an identity theft investigation, the Service discovered documents containing the personal information of certain MassMutual customers in an envelope bearing MassMutual's logo. The Service advised that they had reason to believe that at least some of this personal infoD11ation had been used for fraudulent purposes. On August 5, 2009, the Service requested, verbally and in writing, that MassMutual delay notification to impacted individuals in order to prevent a compromise of the Service's investigation.
The documents recovered by the Service appear to be "screen prints" from one of MassMutual 's administrative platforms and such documents contained, among other things, individual customer: (i) first and last name; (ii) address, (iii) Social Security number; and (iv) what appear to be financial account number(s). Each screen print also contained a unique identifier for the MassMutual employee who had access to the system at the time the document was printed. All reviewed "screen prints" appear to have been generated by one individual, who left MassMutual 's employ in March of 2008.”
MassMutual sent breach notifications to all affected parties, and has conducted an internal review which found no suspect transactions on any of the affected individuals’ accounts. At this time, no announcement has been made regarding charges against the perpetrator.
Comments