og.16041_3534.jpg

Data Breach Alert: Unum Group | Console and Associates, P.C.

Cyberthreats continue to be a hot topic in today’s news cycle, with new data breaches and other cyberattacks being reported almost every day. One of the most recent data breaches involves Unum Group, a Fortune 500 insurance company based in Chattanooga, Tennessee.

News of the Unum data breach just broke, and details are sparse. However, according to one source, on November 23, 2021, Unum Group first discovered the breach. Through a subsequent investigation, the company determined that the breach exposed consumer data between the dates of October 28, 2021 and November 15, 2021. While the investigation into this data security incident is still ongoing, the company confirmed that the data breach resulted in certain information being compromised. While the company was unable to confirm exactly what information was accessible, it may include the names, addresses, Social Security numbers, and health insurance information of affected parties. On January 28, 2022, Unum Group began sending out data breach notification letters to affected parties.

The data breach lawyers at Console & Associates, P.C. are investigating the Unum data security incident to determine whether affected parties have any legal claims against the company. If evidence emerges that Unum Group failed to meet its consumer privacy and data security obligations, the company may be liable through a data breach class action lawsuit.

What Are the Causes of a Data Breach?

Cyberattacks such as the Unum data breach are increasingly common in today’s technologically-centered society. Businesses store vast amounts of data electronically and hackers know this. Thus, hackers regularly orchestrate cyberattacks to obtain sensitive consumer information that they may later use for various criminal purposes, such as identity theft. However, despite the very real risks they present to consumers, there is widespread misunderstanding about these cybersecurity events. For those impacted by a data breach, it is essential to understand what happened, what your rights are, and how you can pursue them.

Once a cybercriminal breaches a computer network, they can access and remove sensitive consumer information from the compromised systems. After a security breach, companies can often identify which files were accessible to the unauthorized party; however, they may not be able to confirm which of the compromised files were viewed by a hacker or whether a hacker removed any of the data contained in those files. Thus, as a matter of course, companies experiencing a data breach send a notification to anyone whose information was among that which was compromised.

That being the case, just because your information may have been leaked in the Unum data breach does not necessarily mean someone will steal your identity. However, it is a possibility that you shouldn’t ignore. Given the risks that come along with having your personal information exposed, those in receipt of an Unum Group data breach notification letter should keep their eyes open for any signs of identity theft or fraud.

Can Consumers Affected by the Recent Unum Group Data Breach Pursue Legal Action Against the Company?

When you granted Unum Group access to your personal, financial and healthcare-related data, you trusted the company to keep this sensitive information secure. It certainly seems reasonable to assume that a Fortune 500 insurance company would do everything possible to address cyberthreats. However, news of the Unum Group data breach raises some very serious questions about the company’s data security measures and whether more could have been done to prevent the breach.

Regardless of their size, companies have an ethical and legal obligation to protect the sensitive consumer information in their possession. And while creating a data security system comes at a high cost, it is a justified expense when operating in an environment where cyberattacks are common. This is especially the case for a company as large as Unum Group.

The consumer privacy and data breach laws in the United States create a way for consumers to sue companies that misuse or mishandle their personal information. Of course, news of the Unum Group data breach is still very recent, and details about the incident are still emerging. So, at this point, it is too early to tell if Unum Group could be held responsible based on a failure to keep consumer data safe. However, our data breach attorneys are investigating the Unum Group security breach and its potential causes to determine the legal remedies those affected by the Unum Group breach may have against the company.

If you have questions about your ability to pursue a data breach class action lawsuit against Unum Group, contact a data breach attorney as soon as possible.

What to Do if You Received a Data Breach Notification from Unum Group

If you receive a data breach notification letter from Unum Group in the coming weeks, it means your personal data was compromised. It also means that a cybercriminal may have accessed, viewed, and stolen your personal data. You can’t be certain why they wanted your information or what they are going to do with it. However, given the risks involved, it is important you remain vigilant by taking the following steps:

  • Carefully read the data breach letter sent by Unum Group to determine what information was accessible;
  • Make a copy of the letter for your records;
  • Enroll in the free credit monitoring service provided by Unum Group;
  • Change all your online passwords and security questions;
  • Enable two-factor or multi-factor authentication, where it is available;
  • Regularly review your credit card and bank account statements for any signs of suspicious activity;
  • Monitor your credit report for any unexpected changes that may be a sign of identity theft;
  • Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
  • Notify your banks and credit card companies of the data breach.

According to the identity Theft Resource Center (“ITRC”), “freezing your credit is the single most effective way to prevent a new credit/financial account from being opened.” However, IRTC also reports that just 3% of consumers whose information is leaked place a freeze on their accounts.

About Unum Group

Unum Group, Inc. is a Fortune 500 insurance company that was founded in Maine in 1848. The company provides a range of insurance products through employer-sponsored plans, including disability insurance, group benefits and life insurance.  Unum Group is headquartered in Chattanooga, Tennessee and writes policies that cover more than 39 million people. Additionally, one in three Fortune 500 companies offer Unum insurance policies to their employees, making it the largest disability insurer in the United States. In 2020, Unum generated a net income of $793 million and the value of the company’s assets exceeds $70 billion.

Below is a copy of the initial data breach letter issued by Unum Group (a sample of the actual notice sent to consumers can be found here):

Dear, [Consumer]

Unum is writing to tell you that we recently experienced a cybersecurity incident.

What Happened? On November 23, 2021, Unum learned that Unum data may have been subject to unauthorized acquisition. We investigated this incident with the support of leading cybersecurity consultants. The investigation determined that Unum data, including your personal information, was impermissibly accessed between October 28, 2021 and November 15, 2021. We have no indication that your information has been misused, but we are informing you so that you may take precautionary measures.

What Information Was Involved? The information that may have been accessed includes your [Extra1].

What We Are Doing. We promptly took measures to secure the system impacted by this incident. In addition, we are taking steps to reduce the risk of this type of incident reoccurring. We are modifying relevant processes and continuing to evaluate any potential enhancements to our security protocols. We also have arranged for you to obtain, at no cost to you, 24 months of credit monitoring and other services from Experian. Information regarding the package of services is included in Attachment 1 to this letter. We also want you to know about other protective actions you can take.

What You Can Do. We are not aware of any evidence indicating that your personal information has been or will be misused. However, we recommend that you remain vigilant by reviewing your account statements and monitoring your free credit reports for signs of suspicious activity. Please find additional information in Attachment 2 to this letter. As noted above, you can enroll, at no cost to you, in 24 months of credit monitoring and other services from Experian. Information about enrollment is included in Attachment 1 to this letter.

For More Information. We regret that this incident occurred. If you have questions or concerns regarding this matter, please contact (866) 892-2278, Monday through Friday between 8 a.m. to 8 p.m. Eastern Time.

Leave a Comment