- ‘Transamerica’ is sending notices of a data breach to an undisclosed number of clients.
- The firm has done a configuration mistake concerning user access rights during a website upgrade.
- The information that was exposed includes full names, addresses, SSNs, DoBs, and 401k of data.
American insurance and retirement colossus ‘Transamerica Corporation’ is now sending notices of a data breach to some of its customers, informing them of an incident that resulted in the compromise of their personal details. The data breach resulted from a configuration mistake during the upgrade of one of their plan administration websites, which happened on June 14, 2021.
In July, the firm realized that some employers belonging to other entities could access information about the retirement contributions of other clients. Although Transamerica corrected the mistake as soon as they realized the error, three weeks had already passed.
The information that may have been accessed by unauthorized users includes the following:
- Full name
- Physical address
- Social Security number
- Date of birth
- Financial details relevant to the retirement plan contributions
This last part is particularly problematic for the exposed individuals and the reason why Transamerica is covering the cost of two years of identity monitoring service by Equifax for those who sign up for it. Activation codes and details on how to register on the protection service are included in the notice letter. Additionally, you should place a fraud alert on your credit file, regularly review your credit reports, and possibly even place a security freeze to prevent all forms of abuse.
Transamerica clarifies that their internal investigation hasn’t yielded anything particularly worrying as they found no signs of misuse of the exposed information. However, that doesn’t mean that nobody accessed other people’s details. Still, to access the data sets, users would need to be authorized to log into the website using valid credentials, so at least no outsiders should have been able to access that info.
As for the scope of the incident and the number of people who may have been affected, this hasn’t been determined by the firm. To get an idea of the company's size and its clientele, Transamerica employs 25,000 people, contracts 15,000 insurance agents, and operates in 3,000 locations worldwide. The particular security incident concerns the service that has to do with 401k plans administration for certain employers.