Friday, November 30, 2012

Regulators Monitor Security Breach at Insurer

Hackers hits Nationwide system in October. Corrective actions in place


DES MOINES, IOWA.  November 30, 2012- After the most recent mass cyber-attack of a major company, more than 90,000 Iowans have now received letters from Nationwide Insurance Group that some of the information stored on a part of the Nationwide system used by agents and others had been hacked, with the result that some personal identification information may have been exposed to the hackers.   As part of the company response, the company has offered free credit monitoring to all of these people in an effort to protect those people from identity theft and financial harm.

Not all of the persons contacted are customers of the company.  Some are clients of insurance agents who approached Nationwide’s system to get quotes for insurance protection.  The clients might well not have known to which insurers brokers and agents submitted requests for quotes.  That list could have included Nationwide or one of its affiliates. This could mean that if the recipient has no actual relationship with the company, the Nationwide letter might seem to be erroneous and have no meaning,

Nevertheless, the threat of potential identity theft from this security breach may be real. The credit monitoring offered by the company is a necessary protection and should not be ignored. “We know the company has responded well to this event,” said Iowa Insurance Commissioner Susan Voss.  “The Nationwide companies located in Iowa contacted us early on, as they did to the Ohio Insurance department as the domestic regulator for the parent company and to law enforcement officials. They soon identified the Nationwide customers and prospective customers who could have been effected, notified those customers and provided a corrective protection plan.  But those whose personal information was exposed need to be continuing to check for themselves to make sure cyber-criminals are not victimizing them.”

Iowa is the domestic regulator for some Nationwide companies, while Ohio and many other states in which Nationwide does business share in the national regulation and oversight of the company’s operations.  These states routinely examine these companies for solvency, compliance with state laws and with systems in the company.  The information system that was hacked is one of them, so state regulators will be considering any vulnerabilities that were exploited and seeking to assure that those vulnerabilities are addressed.

Nationwide company representatives will be appearing tomorrow as part of a regular meeting of the state insurance regulators for all states at the National Association of Insurance Commissioners Conference in the Washington DC suburb of National Harbor, MD.  These regulators will have the opportunity to clarify the nature and scope of the problem and understand the potential risk to any persons in contact with the company and its information system.

“Cyber-crime and identity theft can hit anyone, and any company.” Voss said, “We’re working with Nationwide and all the companies we examine to make their operations as secure as possible for customers of the insurance industry in Iowa and everywhere.”

Information provided by Nationwide regarding the breach and the company's response to those affected can be found at the following web address: Recipients of the letters from Nationwide are welcome to call the Iowa Insurance Division on its toll-free line, 877-955-1212 if they have questions.

UPDATE: December 3, 2012 - Nationwide notified Commissioner Voss this morning that in the course of their ongoing investigation of this incident, the company learned that it needed to be contacting an additional 1,557 residents of the security breach and the corrective actions available.  These added persons brings the total number of those whose personal information may have been exposed by the hackers to  91,620 Iowans.

About the Iowa Insurance Division

The Iowa Insurance Division (IID) has general control, supervision and direction over all insurance and securities business transacted in the state, and enforces Iowa’s laws and regulations. The IID investigates consumer complaints and prosecutes companies, agents and brokers engaging in unfair trade practices. Consumers with insurance or securities-related questions or complaints may contact the IID toll free at 877-955-1212 or visit the division on the web at