On December 3, 2021, the California Office of the Attorney General disclosed a data breach at Nippon Life Insurance Company of America, stemming from an unauthorized access to an employee’s email account on October 5, 2021. The incident exposed sensitive personal information of affected individuals, including names, Social Security numbers, and medical treatment/diagnosis details. While the exact number of impacted individuals was not specified, the breach posed significant risks of identity theft and financial fraud. In response, the company implemented remedial measures such as resetting email passwords and offering 12 months of complimentary credit monitoring and identity protection services to mitigate potential harm. The breach underscored vulnerabilities in employee account security, raising concerns over the protection of highly confidential customer data within the insurance sector.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-548222
TPRM report: https://www.rankiteo.com/company/nippon-life-benefits
"id": "nip940082125",
"linkid": "nippon-life-benefits",
"type": "Breach",
"date": "10/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services / Insurance',
'location': 'California, USA (reported by California '
'AG)',
'name': 'Nippon Life Insurance Company of America',
'type': 'Insurance Company'}],
'attack_vector': 'Compromised Email Account',
'customer_advisories': ['Offered 12 months of credit monitoring and identity '
'protection services'],
'data_breach': {'data_exfiltration': 'Potential (unauthorized access to email '
'account)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs and medical '
'treatment/diagnosis details)',
'type_of_data_compromised': ['Personal Information',
'Health Information']},
'date_detected': '2021-10-05',
'date_publicly_disclosed': '2021-12-03',
'description': 'On December 3, 2021, the California Office of the Attorney '
'General reported a data breach involving Nippon Life '
'Insurance Company of America. The breach occurred on October '
'5, 2021, when an unauthorized party accessed an employee '
'email account, potentially exposing personal information '
'including names, Social Security numbers, and '
'treatment/diagnosis information. The company responded by '
'changing email passwords and offering 12 months of credit '
'monitoring and identity protection services to affected '
'individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive personal and '
'health data',
'data_compromised': ['Names',
'Social Security Numbers',
'Treatment/Diagnosis Information'],
'identity_theft_risk': 'High (due to exposure of SSNs and personal '
'data)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'date_accessed': '2021-12-03',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (health '
'data exposure)',
'California Consumer '
'Privacy Act (CCPA)'],
'regulatory_notifications': ['Reported to '
'California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': ['Public disclosure via California AG '
'report'],
'containment_measures': ['Password reset for compromised email '
'account'],
'incident_response_plan_activated': 'Likely (password changes '
'and credit monitoring '
'offered)',
'recovery_measures': ['12 months of credit monitoring and '
'identity protection services for affected '
'individuals']},
'title': 'Nippon Life Insurance Company of America Data Breach (2021)',
'type': 'Data Breach'}