Milliman Solutions, LLC suffered a data breach due to a cyberattack on its third-party vendor, Pension Benefit Information, LLC, between May 29–30, 2023. The incident exposed the personal information of 17,235 Washington residents, including highly sensitive data such as full names, Social Security numbers (SSNs), and dates of birth. The breach was publicly disclosed by the Washington State Office of the Attorney General on July 17, 2023. The compromised data poses significant risks, including identity theft, financial fraud, and long-term reputational harm to affected individuals. SSNs and full dates of birth are critical identifiers often exploited in fraudulent activities, such as opening unauthorized credit accounts, filing fraudulent tax returns, or accessing government benefits. While the breach originated from a vendor, Milliman Solutions bears responsibility for the protection of client data shared with third parties, raising concerns about its vendor risk management and cybersecurity protocols. The attack did not involve ransomware but resulted in the unauthorized access and exfiltration of personally identifiable information (PII), directly impacting customers. The scale and sensitivity of the leaked data amplify the severity, as recovery efforts (e.g., credit monitoring, identity restoration) may extend for years.
TPRM report: https://www.rankiteo.com/company/milliman-middle-east
"id": "mil947091725",
"linkid": "milliman-middle-east",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '17,235 (Washington residents)',
'industry': 'Financial/Actuarial Services',
'name': 'Milliman Solutions, LLC',
'type': 'Company (Client)'},
{'industry': 'Pension/Benefits Administration',
'name': 'Pension Benefit Information, LLC',
'type': 'Vendor'},
{'industry': 'Legal/Regulatory',
'location': 'Washington, USA',
'name': 'Washington State Office of the Attorney '
'General',
'type': 'Government (Reporting Entity)'}],
'data_breach': {'data_exfiltration': 'Likely (PII accessed)',
'number_of_records_exposed': '17,235',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'dates of birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2023-07-17',
'description': 'The Washington State Office of the Attorney General reported '
'that Milliman Solutions, LLC experienced a data breach '
'involving a cyberattack on its vendor, Pension Benefit '
'Information, LLC. The breach occurred on May 29 and 30, 2023, '
'compromising the personal information of 17,235 Washington '
'residents, including names, Social Security numbers, and full '
'dates of birth.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'full dates of birth'],
'identity_theft_risk': 'High (PII exposed)'},
'references': [{'date_accessed': '2023-07-17',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Attorney General '
'(disclosure)'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Attorney General'},
'title': 'Milliman Solutions, LLC Data Breach via Vendor Pension Benefit '
'Information, LLC',
'type': 'Data Breach'}