Pan-American Life Insurance Group (PALIG) a leading provider of life, accident and health insurance throughout the Americas, shared that it was impacted by the widespread data security incident involving Progress Software’s MOVEit Transfer software where third parties took advantage of a previously unknown, critical, zero-day vulnerability in the software. Progress Software announced the vulnerability and recommended users disable the software until it could be patched due to a potential risk of data exposure. PALIG immediately ceased using MOVEit Transfer, disabled it in its system and, once available from Progress Software, successfully deployed all security patches within PALIG’s environment. PALIG has been taking steps to further protect and strengthen the security of its systems. PALIG also engaged third-party cyber experts to partner with its team to launch an investigation to better understand what happened and to help prevent a similar incident in the future.
In parallel, PALIG immediately launched an investigation with the assistance of cyber experts to assess the scope of the potential exploitation of the vulnerability and notified law enforcement. The investigation revealed that an unauthorized third party appears to have taken files through PALIG’s use of MOVEit Transfer. On October 5, 2023, PALIG determined that the impacted files appear to have included personal information of individuals and may have included names, addresses, social security numbers, dates of birth, driver’s license numbers, contact information, medical and medical benefits information, subscriber numbers, certain biometric data, and financial account and credit card information.
Notifications are being sent by mail to the affected individuals to explain what happened. Out of an abundance of caution, PALIG is also offering additional services to individuals whose information was taken. There is no evidence that any information was misused for fraudulent purposes as a result of this incident.
PALIG takes the privacy and security of client information very seriously and carefully evaluates the cybersecurity posture of third-party software. PALIG will continue this effort, and it is also taking steps to further secure its use of all third-party transfer tools.
For more details on this data security incident, what PALIG is doing to address it, and available resources, please visit PALIG’s website at palig.com.
