Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
August 29, 2017
Company: Massachusetts Mutual Life Insurance Company
Location: Springfield, Massachusetts
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
0

"What happened: On August 20, 2017, Mass Mutual’s fraud prevention team identified potential fraudulent telephone activity directed toward MassMutual call centers. Upon conducting an investigation into that the activity identified, it was determined that beginning on August 17, 2017 an unknown perpetrator contacted MassMutual call centers purporting to be two separate MassMutual insurance agents.The perpetrator requested assistance in resetting those two agents’ system access credentials (e.g., user name, password, multi-factor authentication). The perpetrator had readily available nonpublic personal information associated with these two agents and, through social engineering tactics, was able to provide such information to the call center personnel to successfully authenticate as the respective agents resulting in the access credentials being reset. Mass Mutual identified that this individual then used the credentials to access MassMutual business systems that included nonpublic personally identifiable information associated with each agents’ clients.

What information was involved: Your personal information that may have been involved includes your name, Social Security number, MassMutual policy/account number, [address],[date of birth], [and telephone number]."

Information Source:
California Attorney General
Date Made Public:
December 16, 2013
Company: Massachusetts Mutual Life Insurance Company
Location: Springfield, Massachusetts
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
0

A MassMutual account manager accidentally included information about retirement plans in an email that was sent to an individual at a MassMutual retirement services client.  The client representative confirmed that the email was deleted. It contained an unspecified number of client information that included names, Social Security numbers, addresses, dates of birth, retirement plan names, and group numbers.  The incident occurred on December 3.

Information Source:
California Attorney General
Date Made Public:
June 5, 2013
Company: Massachusetts Mutual Life Insurance Company, MassMutual Financial Group
Location: Springfield, Massachusetts
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
0

The 401(k) retirement plan information of certain clients was inadvertently exposed when a MassMutual account manager sent an email on May 8.  Names, Social Security numbers, investment elections, and account balances were included in the email.  A third party provider received the email and confirmed that the information was deleted without being saved or copied. The employee who accidentally sent the sensitive email received training on proper security procedures.

Information Source:
California Attorney General
Date Made Public:
February 26, 2013
Company: Massachusetts Mutual Life Insurance Company, Convey Compliance Systems, Inc.
Location: Springfield, Massachusetts
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
0

An error at Convey Compliance Systems, Inc. resulted in 1099 forms being mailed to incorrect addresses.  The 1099 forms contained names, Social Security numbers, tax identification numbers, and addresses.  The financial information of some Massachusetts Mutual Life Insurance Company clients was exposed.

Information Source:
California Attorney General
Date Made Public:
July 31, 2012
Company: Massachusetts Mutual Life Insurance Company (MassMutual)
Location: Springfield, Massachusetts
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
0

On July 13, MassMutual inadvertently sent a report via secure email that included client information to an incorrect retirement Plan Sponsor.  Client names, Social Security numbers, and 401(k) balance information were exposed.  The individual who received the plan information informed MassMutual of the error immediately and claimed to have deleted the information without storing or printing it.

Information Source:
California Attorney General
CSV