First published, 7/7/2023
Last updated, 11/7/2023
A file transfer software called MOVEit, owned by Progress Software, was part of a global cyber-attack. Sun Life is not a MOVEit customer, and our systems, networks and business operations were not directly affected.
However, one of our vendors, Pension Benefit Information, LLC (known as PBI), advised us in late June 2023 that one of its servers was accessed by an unauthorized third party as part of the global attack. Because of this, some U.S. personal member information Sun Life shared with PBI to support our business was accessed. PBI also advised us at that time that it was not aware of any indications of identity theft or fraud in relation to this event.
We take information security very seriously at Sun Life and conducted our own investigation alongside PBI to confirm what data was involved. Working with PBI, we notified members whose personal information was affected and provided any applicable free credit monitoring and identity theft restoration services. Sun Life also encouraged members to take precautions such as monitoring their accounts and credit history for signs of unauthorized activity, along with other ways to protect their information.
We know that protecting member data is important, and regret that this happened.
A list of frequently asked questions (FAQ) follows.