Hackers steal customer info from insurance provider Nationwide
The insurance company reports a hack from October that compromises the personal information of 1.1 million people.
Hackers broke into insurance company Nationwide's network in early October, stealing the personal information of more than a million customers across the country, the insurance company recently revealed.
The company said the compromised information included people's names and a combination of Social Security numbers, driver's license numbers, their date of birth, and possibly marital status, gender, and occupation, as well as the names and addresses of employers. Nationwide said it had no evidence that any medical information or credit card account data was stolen.
"We discovered the attack that day, and took immediate steps to contain the intrusion. We believe that we successfully contained the attack through our responsive actions," reads Nationwide's note. The company explained in an accompanying FAQ that it thinks the attack is linked to hackers from outside the U.S.
The hack occurred on October 3. The company said it "promptly" launched an investigation and concluded on October 16 that personal information "likely" had been stolen. On November 2, Nationwide determined the identities of affected customers. The case has now been handed over to law enforcement.
A company spokesperson said 1.1 million people were affected by this hack. Nationwide began sending letters to these customers on November 16. Although the company posted its online notice on the same day, news of the hack has only been recently circulated by news outlets.
Although the information apparently hasn't been used for criminal purposes -- yet -- Nationwide is offering free credit-monitoring and identity-theft protection for one year as a precaution for those customers.
Updated at 3:46 p.m. PT: with more information from Nationwide.
Correction at 8:14 a.m. PT December 6: The date the investigation launched was incorrect. Nationwide said it started its investigation "promptly" after the discovery of the incident on October 3.