The Union Labor Life Insurance Company

On June 22, 2017, The Union Labor Life Insurance Company suffered a data breach involving unauthorized access to an employee’s email account. The incident, reported by the California Office of the Attorney General on October 27, 2017, exposed sensitive personal information, including names, Social Security numbers (SSNs), and personal health data. While the breach compromised the email account, it remains unclear whether the unauthorized party actually accessed or exfiltrated the exposed data. The exposed information, if accessed, could pose significant risks such as identity theft, financial fraud, or misuse of health records. The breach highlights vulnerabilities in email security protocols and the potential consequences of insider account compromises, particularly when sensitive employee and customer data is involved. The company likely faced regulatory scrutiny and may have been required to implement additional safeguards to prevent future incidents of this nature.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-103061

TPRM report: https://www.rankiteo.com/company/ullico

"id": "ull009091825",
"linkid": "ullico",
"type": "Breach",
"date": "6/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Insurance',
                        'location': 'California, USA',
                        'name': 'The Union Labor Life Insurance Company',
                        'type': 'Insurance Company'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'data_breach': {'data_exfiltration': 'Uncertain (potential exposure, but '
                                      'access not confirmed)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII, PHI, SSNs)',
                 'type_of_data_compromised': ['Personal Information',
                                              'Social Security Numbers (SSNs)',
                                              'Personal Health Information']},
 'date_detected': '2017-06-22',
 'date_publicly_disclosed': '2017-10-27',
 'description': 'The California Office of the Attorney General reported that '
                'The Union Labor Life Insurance Company experienced a data '
                "breach involving unauthorized access to an employee's email "
                'account. Personal information, including names, social '
                'security numbers (SSNs), and personal health information, was '
                'potentially exposed, though it remains uncertain if the '
                'information was actually accessed by the unauthorized user.',
 'impact': {'data_compromised': ['Names',
                                 'Social Security Numbers (SSNs)',
                                 'Personal Health Information'],
            'identity_theft_risk': 'Potential (uncertain if data was accessed)',
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'investigation_status': 'Uncertain if data was accessed by unauthorized user',
 'references': [{'date_accessed': '2017-10-27',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'The Union Labor Life Insurance Company Data Breach (2017)',
 'type': 'Data Breach'}