On May 29–30, 2023, Athene Annuity and Life Company suffered a data breach stemming from a third-party vendor security incident involving the MOVEit application, a widely exploited file-transfer tool. The breach exposed sensitive personal information, specifically Social Security numbers (SSNs), of 70,412 individuals, including 477 Maine residents. The incident was publicly disclosed by the Maine Office of the Attorney General on July 20, 2023. The compromised data primarily SSNs poses severe risks, including identity theft, financial fraud, and long-term reputational harm to affected individuals. While the breach did not involve ransomware or direct system infiltration of Athene’s core infrastructure, the leak of highly sensitive customer data through a supply-chain vulnerability underscores critical gaps in third-party risk management. The scale of exposure, combined with the nature of the stolen data, elevates the incident’s gravity, as SSNs are immutable identifiers with lifelong fraud potential. Athene’s response likely included notifications to affected parties, regulatory filings, and potential credit monitoring offerings, though the breach’s broader operational or financial impact on the company remains undisclosed. The incident aligns with a broader trend of exploits targeting MOVEit, highlighting systemic vulnerabilities in widely used enterprise software.
TPRM report: https://www.rankiteo.com/company/athene-usa
"id": "ath040090625",
"linkid": "athene-usa",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '70,412 (including 477 Maine '
'residents)',
'industry': 'Annuity and Life Insurance',
'location': 'United States',
'name': 'Athene Annuity and Life Company',
'type': 'Insurance/Financial Services'}],
'attack_vector': 'Third-party vendor vulnerability (MOVEit application)',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '70,412',
'personally_identifiable_information': ['Social Security '
'numbers'],
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2023-07-20',
'description': 'Athene Annuity and Life Company experienced a data breach due '
'to a third-party vendor security incident involving the '
'MOVEit application. The breach compromised Social Security '
'numbers of 70,412 individuals, including 477 residents of '
'Maine.',
'impact': {'data_compromised': ['Social Security numbers'],
'identity_theft_risk': 'High (SSNs exposed)',
'systems_affected': ['MOVEit application (third-party vendor)']},
'references': [{'date_accessed': '2023-07-20',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General'},
'title': 'Athene Annuity and Life Company Data Breach via MOVEit '
'Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit Transfer zero-day vulnerability '
'(CVE-2023-34362)'}