On March 3, 2021, New York Life Insurance Company reported an inadvertent disclosure of personal information due to a misconfigured document upload. In response to a request from the Wyoming Department of Insurance, a file containing sensitive details of 749 individuals—including names, partial Social Security numbers (last four digits), certificate numbers, genders, dates of birth, benefit amounts, and annuity forms—was mistakenly published on a **public insurance filings website** from **July 2020 to February 5, 2021**. The exposed data pertained to at least one Maine resident, among others. The breach stemmed from human error during a routine regulatory submission, leading to prolonged unauthorized access to personally identifiable information (PII). While no evidence of malicious exploitation was reported, the incident posed risks of identity theft, financial fraud, or phishing attacks targeting affected individuals. The company likely initiated remediation measures, including notification to impacted parties and regulatory bodies, but the exposure duration (over six months) amplified potential consequences for those whose data was compromised.
TPRM report: https://www.rankiteo.com/company/newyorklife
"id": "new027091825",
"linkid": "newyorklife",
"type": "Breach",
"date": "7/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 749,
'industry': 'Financial Services (Insurance)',
'location': 'New York, USA',
'name': 'New York Life Insurance Company',
'type': 'Insurance Provider'}],
'customer_advisories': 'Notification via state regulatory channels',
'data_breach': {'data_exfiltration': 'No (data was inadvertently published)',
'file_types_exposed': 'Insurance filings document (format '
'unspecified)',
'number_of_records_exposed': 749,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (partial SSN, financial details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data (partial SSN, '
'benefit amounts)']},
'date_detected': '2021-02-05',
'date_publicly_disclosed': '2021-03-03',
'description': 'On March 3, 2021, the Maine Office of the Attorney General '
'reported that New York Life Insurance Company experienced an '
'inadvertent disclosure of personal information pertaining to '
'one Maine resident. The breach occurred when, in response to '
'a request from the Wyoming Department of Insurance, a '
'document containing personal details was mistakenly uploaded '
'to a public insurance filings website from July 2020 until '
'February 5, 2021, affecting 749 individuals. The personal '
'information included names, last four digits of Social '
'Security numbers, certificate numbers, genders, dates of '
'birth, benefit amounts, and forms of annuity.',
'impact': {'brand_reputation_impact': 'Potential (due to public disclosure of '
'sensitive data)',
'data_compromised': ['Names',
'Last four digits of Social Security numbers',
'Certificate numbers',
'Genders',
'Dates of birth',
'Benefit amounts',
'Forms of annuity'],
'identity_theft_risk': 'Moderate (partial SSN exposure)'},
'investigation_status': 'Disclosed (no further updates provided)',
'post_incident_analysis': {'root_causes': 'Human error in document '
'handling/procedures for public '
'filings'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General '
'(reported 2021-03-03)'},
'response': {'communication_strategy': 'Notification to affected individuals '
"via Maine Attorney General's office",
'containment_measures': 'Document removed from public website '
'(as of 2021-02-05)'},
'title': 'New York Life Insurance Company Inadvertent Data Disclosure (2021)',
'type': 'Data Breach (Inadvertent Disclosure)',
'vulnerability_exploited': 'Human Error (Improper Document Upload)'}