On Monday, the State of Georgia Insurance Commissioner (GADOI) confirmed a data breach at Nationwide Insurance. Hackers gained unauthorized access to private and sensitive information at the company's online computers.
The announcement contained few details. It did not list the specific personal data elements stolen or exposed, nor explain how the breach happened and what the insurance company is doing so this breach won't happen again.
About 28,467 Georgia residents and policyholders were affected. The insurance company has agreed to:
- Provide the GADOI with copies of written breach notices sent to affected consumers,
- Set up a toll-free phone number (800-760-1125) for breach victims to ask questions, and
- Provide breach victims with at least one year of free credit monitoring services
Some news sources reported that the F.B.I. is investigating the breach. Another news source reported that names, birth dates, drivers license numbers, and marital statuses were stolen. Given the personal data elements stolen, the hackers can do damage.
This is not the first data breach at Nationwide. A check of the breach database at Privacy Rights Clearinghouse found that the insurance company had two small breaches (Florida and New York) during 2007 where laptops containing sensitive personal information were stolen from employee's cars. In 2006, Nationwide was one of severalinsurers affected by a lockbox theft at Concentra Preferred Systems in Ohio.
The insurance company has not disclosed the number of affected consumers in other states. More details will emerge and the number of breach victims will most likely increase since several states require notice of data breaches.