John Hancock Investment Management LLC, along with its marketing vendor DG3 North American Inc., faced a 2024 data breach that exposed the personal information of nearly 53,000 individuals. The compromised data included Social Security numbers (SSNs), leading to potential identity theft and financial fraud risks. As part of a $600,000 settlement, affected individuals are eligible for reimbursement of up to $2,500 for documented losses, while those with exposed SSNs can claim $100, and others $50. The breach stemmed from inadequate data protection measures, highlighting vulnerabilities in third-party vendor security protocols. The incident underscores the severe consequences of failing to safeguard sensitive customer data, particularly when financial and personally identifiable information (PII) is involved. The exposure of SSNs critical for identity verification poses long-term risks, including fraudulent loans, tax filings, and unauthorized account openings. Regulatory scrutiny and reputational damage further compound the fallout, reinforcing the need for robust cybersecurity frameworks in financial services.
TPRM report: https://www.rankiteo.com/company/manulife-john-hancock-investments
"id": "man2502725101725",
"linkid": "manulife-john-hancock-investments",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Nearly 53,000 (shared across '
'entities)',
'industry': 'Investment Management',
'name': 'John Hancock Investment Management LLC',
'type': 'Financial Services'},
{'customers_affected': 'Nearly 53,000 (shared across '
'entities)',
'industry': 'Investment Management / Banking',
'name': 'UBS Financial Services LLC',
'type': 'Financial Services'},
{'customers_affected': 'Nearly 53,000 (shared across '
'entities)',
'industry': 'Marketing Services',
'name': 'DG3 North American Inc.',
'type': 'Vendor'}],
'customer_advisories': 'Eligibility for reimbursement of up to $2,500 in '
'documented losses or alternative cash payments ($100 '
'if SSN exposed, $50 if not).',
'data_breach': {'number_of_records_exposed': 'Nearly 53,000',
'personally_identifiable_information': 'Yes (Social Security '
'numbers, likely other '
'PII)',
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': 'Personal information (including '
'Social Security numbers)'},
'description': 'John Hancock Investment Management LLC, UBS Financial '
'Services LLC, and their marketing vendor DG3 North American '
'Inc. will pay $600,000 to settle allegations they failed to '
'protect the personal information of nearly 53,000 people '
'exposed in a 2024 data breach. Class members are eligible for '
'reimbursement of up to $2,500 in documented losses related to '
'the breach, or an alternative cash payment of up to $100 for '
'those whose Social Security number was exposed, or up to $50 '
'for those whose Social Security number wasn’t exposed.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'breach and settlement',
'data_compromised': 'Personal information of nearly 53,000 people',
'financial_loss': '$600,000 (settlement amount)',
'identity_theft_risk': 'High (Social Security numbers exposed)',
'legal_liabilities': 'Settlement for allegations of failure to '
'protect personal information'},
'post_incident_analysis': {'root_causes': 'Failure to protect personal '
'information (alleged)'},
'references': [{'source': 'Class action settlement announcement (plaintiffs’ '
'motion for final approval)'}],
'regulatory_compliance': {'fines_imposed': '$600,000 (settlement amount)',
'legal_actions': 'Class action lawsuit and '
'settlement'},
'response': {'communication_strategy': 'Settlement announcement and class '
'action reimbursement plan'},
'title': 'Data Breach at John Hancock Investment Management, UBS Financial '
'Services, and DG3 North American Inc.',
'type': 'Data Breach'}