On December 4, 2023, the California Office of the Attorney General disclosed a data breach affecting Pan-American Life Insurance Company (PALIC). The breach stemmed from a vulnerability in third-party software (MOVEit Transfer) that was exploited on May 28, 2023. It exposed sensitive personal information, including names, addresses, Social Security numbers, and financial data of an undisclosed number of individuals. The compromised data poses significant risks, such as identity theft, financial fraud, and reputational harm to the affected parties. While the exact scale of the breach remains unconfirmed, the exposure of such critical details underscores severe operational and compliance failures. PALIC’s reliance on vulnerable third-party software highlights broader cybersecurity gaps in supply chain dependencies, amplifying the potential for large-scale data exploitation by malicious actors. The incident necessitates regulatory scrutiny, customer notifications, and remediation efforts to mitigate long-term consequences for both the company and its clients.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-577420
TPRM report: https://www.rankiteo.com/company/pan-american-life-insurance-group
"id": "pan721082025",
"linkid": "pan-american-life-insurance-group",
"type": "Vulnerability",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Insurance / Financial Services',
                        'location': 'United States (reported via California '
                                    'Office of the Attorney General)',
                        'name': 'Pan-American Life Insurance Company (PALIC)',
                        'type': 'Insurance Company'}],
 'attack_vector': 'Exploitation of third-party software vulnerability (MOVEit '
                  'Transfer)',
 'data_breach': {'data_exfiltration': 'Potential (unconfirmed)',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'social security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data']},
 'date_publicly_disclosed': '2023-12-04',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Pan-American Life Insurance Company (PALIC) '
                'due to a vulnerability in third-party software (MOVEit '
                'Transfer), potentially exposing personal information '
                'including names, addresses, social security numbers, and '
                'financial data.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'social security numbers',
                                 'financial data'],
            'identity_theft_risk': 'High (due to exposure of SSNs and '
                                   'financial data)',
            'payment_information_risk': 'High',
            'systems_affected': ['MOVEit Transfer']},
 'investigation_status': 'Ongoing (number of affected individuals unknown)',
 'post_incident_analysis': {'root_causes': 'Vulnerability in third-party '
                                           'software (MOVEit Transfer)'},
 'references': [{'date_accessed': '2023-12-04',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'Pan-American Life Insurance Company (PALIC) Data Breach via MOVEit '
          'Transfer Vulnerability',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MOVEit Transfer vulnerability'}