MOVEit cyber incident - Sun Life U.S.

PBI’s services help Sun Life pay life insurance and related benefits in a timely manner by complying with regulatory requirements to regularly check external sources, such as government databases including the Social Security Administration, to determine if benefits are due to beneficiaries.

MOVEit is a widely used business-to-business managed file transfer software solution that allows an organization such as PBI to transfer files internally and between parties. Hackers exploited a vulnerability in Progress Software’s technology to access data in the supply chains of organizations around the world.

PBI advised that the personal information of certain members and account holders of our group life, long-term disability and life premium waiver insurance offered through employers, as well as individual life insurance and group pension annuities, was accessed. We confirmed the personal information accessed by hackers included name, Social Security ‎Number, policy/account number and/or date of birth of some members and account holders.‎

IMPORTANT: No financial information, such as premium or account values, was exposed. No claim or medical information was exposed. No policy documents were exposed.

We worked with PBI to notify members whose personal information was affected, and provided any applicable credit monitoring and identity protection services.

Sun Life also encouraged members to take precautions such as monitoring their accounts and credit history for signs of unauthorized activity. And, while no passwords were exposed, we advised it is always a good idea to regularly change account passwords.

To help secure the online identity and accounts for you or your loved ones, here are actions that you can take to remain vigilant about the protection of personal information:

• Regularly review financial accounts and insurance information and contact your providers, such as banks or credit card companies, right away to report any suspicious activity.
• If you are concerned your information has been exposed, contact one of the major credit-reporting agencies listed in the table below to initiate a fraud alert and security freeze (credit freeze). However, be aware that a fraud alert or security freeze may interfere with or delay legitimate requests for credit approval. These agencies also offer free credit reports that you can check for unusual activity.
• If you are managing accounts of a loved one who has passed away and are concerned their information has been exposed, you can add a flag to their credit file with an alert advising lenders not to issue credit. In most cases, a flag will prevent the opening of new credit accounts in their name.

• Be extra cautious with emails, texts, and social media messages you receive. Validate the sender, and do not respond unless you are certain the sender is legitimate.
  
• Regularly change account passwords, use strong passwords, and avoid using the same password across various accounts.
• Additional guidance about protecting against identify theft is available from the Federal Trade Commission at www.identitytheft.gov.