Massachusetts Mutual Life Company

On July 19, 2023, the Maine Attorney General's Office reported a data breach involving Massachusetts Mutual Life Company (MassMutual) that affected two Maine residents. The breach occurred on May 29 and May 30, 2023, when a threat actor exploited a zero-day vulnerability in Pension Benefit Information, LLC's MOVEit Transfer software, potentially exposing names, partial mailing addresses, Social Security numbers, and dates of birth of the affected individuals.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/cde4281c-c342-4b9e-bace-66ceefa953de.shtml

TPRM report: https://www.rankiteo.com/company/massmutual-financial-group

"id": "mas654072525",
"linkid": "massmutual-financial-group",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 2,
                        'industry': 'Financial Services',
                        'location': 'Massachusetts',
                        'name': 'Massachusetts Mutual Life Company '
                                '(MassMutual)',
                        'type': 'Insurance Company'}],
 'attack_vector': 'Zero-day vulnerability exploitation',
 'data_breach': {'number_of_records_exposed': 2,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['names',
                                              'partial mailing addresses',
                                              'Social Security numbers',
                                              'dates of birth']},
 'date_detected': '2023-07-19',
 'date_publicly_disclosed': '2023-07-19',
 'description': 'A data breach involving Massachusetts Mutual Life Company '
                '(MassMutual) that affected two Maine residents. The breach '
                'occurred when a threat actor exploited a zero-day '
                "vulnerability in Pension Benefit Information, LLC's MOVEit "
                'Transfer software.',
 'impact': {'data_compromised': ['names',
                                 'partial mailing addresses',
                                 'Social Security numbers',
                                 'dates of birth']},
 'initial_access_broker': {'entry_point': 'MOVEit Transfer software'},
 'post_incident_analysis': {'root_causes': 'Zero-day vulnerability in MOVEit '
                                           'Transfer software'},
 'references': [{'date_accessed': '2023-07-19',
                 'source': "Maine Attorney General's Office"}],
 'title': 'MassMutual Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MOVEit Transfer software'}