Hackers accessed personal information—including Social Security numbers — of more than 28,000 Georgians after a computer breach at Nationwide Mutual Insurance Co.
The unauthorized access extends to customers beyond Georgia, but the Ohio-based insurer declined to say how many clients elsewhere have been affected and in how many other states.
The company is “not aware of any misuse of personal information at this time,” a Nationwide spokeswoman said in an e-mail statement Tuesday.
The FBI and other law enforcement agencies are investigating, the spokeswoman told The Atlanta Journal-Constitution.
The company did not disclose whether information was actually stolen or merely viewed by the perpetrators, but labeled the breach a criminal act.
Georgia Insurance Commissioner Ralph Hudgens said that Nationwide informed his office that names, drivers license numbers, dates of birth and marital statuses were among the other pieces of sensitive data accessed.
The breach affected not only Nationwide policy holders but also the personal information of applicants for Nationwide services.
Nationwide is among the largest automotive and property insurers in the U.S. The company also provides mortgages and other financial services.
The release of Social Security numbers, drivers license numbers and birth dates opens the door to identity theft through the creation of new credit accounts, said Beth Givens, director of the Privacy Rights Clearinghouse, a California-based nonprofit consumer rights organization.
“Those three pieces alone are the keys to the kingdom for new account identity fraud,” Givens said.
Hudgens office said Nationwide on Friday mailed notices to Georgia customers. Notices mailed to customers in California said the breach occurred Oct. 3.
Elizabeth Christopher Giannetti, a Nationwide spokeswoman, said only affected customers are being notified by the company.
She declined to comment on the scope of what she termed “a criminal attack” on Nationwide’s systems, saying that the company wished to avoid alarming customers who were not affected.
In the letter to California customers, Nationwide said that on Oct. 3 “a portion of our computer network that is used by Nationwide Insurance agents and Allied Insurance agents was criminally intruded upon by an unidentified criminal perpetrator. We discovered the attack that day, and took immediate steps to contain the intrusion. We believe that we successfully contained the attack through our responsive actions.”
The number of affected Georgians disclosed by the state Insurance Commissioners office is likely the total number of Nationwide’s clients and applicants in the state, Giannetti said. She did not have an definitive number.
Hudgens said Nationwide has provided his office with documentation that written notice was provided to Georgia customers, and the company has established a consumer hotline at 1-800-760-1125.
Consumers with questions can also call the insurance commissioner’s office at 1-800-656-2298.
In addition to these steps, Nationwide is offering affected customers and applicants free credit monitoring and protection services from Equifax for up to one year.
Givens, of the Privacy Rights Clearinghouse, said her organization recommends consumers take advantage of the credit protection offered by Nationwide. Customers also should consider if placing a freeze on their credit is appropriate.
About the Author