Massachusetts Mutual Life Insurance Company suffered a breach affecting 27 records, including Account # and SSN.
"What happened: On August 20, 2017, Mass Mutual’s fraud prevention team identified potential fraudulent telephone activity directed toward MassMutual call centers. Upon conducting an investigation into that the activity identified, it was determined that beginning on August 17, 2017 an unknown perpetrator contacted MassMutual call centers purporting to be two separate MassMutual insurance agents.The perpetrator requested assistance in resetting those two agents’ system access credentials (e.g., user name, password, multi-factor authentication). The perpetrator had readily available nonpublic personal information associated with these two agents and, through social engineering tactics, was able to provide such information to the call center personnel to successfully authenticate as the respective agents resulting in the access credentials being reset. Mass Mutual identified that this individual then used the credentials to access MassMutual business systems that included nonpublic personally identifiable information associated with each agents’ clients.
What information was involved: Your personal information that may have been involved includes your name, Social Security number, MassMutual policy/account number, [address],[date of birth], [and telephone number]."
A MassMutual account manager accidentally included information about retirement plans in an email that was sent to an individual at a MassMutual retirement services client. The client representative confirmed that the email was deleted. It contained an unspecified number of client information that included names, Social Security numbers, addresses, dates of birth, retirement plan names, and group numbers. The incident occurred on December 3.
The 401(k) retirement plan information of certain clients was inadvertently exposed when a MassMutual account manager sent an email on May 8. Names, Social Security numbers, investment elections, and account balances were included in the email. A third party provider received the email and confirmed that the information was deleted without being saved or copied. The employee who accidentally sent the sensitive email received training on proper security procedures.
An error at Convey Compliance Systems, Inc. resulted in 1099 forms being mailed to incorrect addresses. The 1099 forms contained names, Social Security numbers, tax identification numbers, and addresses. The financial information of some Massachusetts Mutual Life Insurance Company clients was exposed.
On July 13, MassMutual inadvertently sent a report via secure email that included client information to an incorrect retirement Plan Sponsor. Client names, Social Security numbers, and 401(k) balance information were exposed. The individual who received the plan information informed MassMutual of the error immediately and claimed to have deleted the information without storing or printing it.