US insurance and investment firm Transamerica has reportedly acknowledged that hacker(s) have managed to infiltrate its systems. The firm confirmed hackers have stolen around 45,000 customers’ personal data, including social security numbers.

The Register reported that Transamerica sent a formal notice to the California Attorney General’s office earlier this month. In the notice, the firm stated that an “unauthorized” individual managed to infiltrate its systems using compromised third-party credentials to access users’ account data. Transamerica said that it believes the incident may have occurred between March 2017 and January 2018.

“Of the approximately 5.4 million participant accounts that Transamerica serves in the United States, we have identified approximately 45,000 individuals whose personal data was potentially exposed as a result of this incident,” a spokesperson for Transamerica told The Register. “We remain dedicated to providing the highest quality of care and security to our customers and are working with care, diligence and expert resources to bring this to a conclusion.”

Transamerica claims that over 4 million people are part of its retirement plans. The data accessed by hacker(s) pertains to the individuals that hold a Transamerica Retirement Solutions account.

The data stolen by the hacker(s) may have included customers’ names, addresses, social security numbers, date of births, financial data and employment information. The firm stated that the user accounts were accessed only once or for a limited period of time.

“We began an investigation as soon as we learned of the incident, engaged a leading cybersecurity forensics firm, and contacted appropriate law enforcement,” Transamercia said in its formal notice. “We continue to work diligently to minimize the impact of this event and may take additional steps to enhance the security of your account based on our investigation. We have also arranged to offer identity monitoring services at no cost to you for one year.”

Transamerica is reportedly flagging and monitoring individual accounts that may have been accessed by the hacker(s). The firm is also reportedly requesting users change passwords, replacing them with more complex and secure passwords.

Cyware Publisher