DES MOINES, Iowa, Nov. 30 -- The Iowa Department of Commerce's Insurance Division issued the following news release:
After the most recent mass cyber-attack of a major company, more than 90,000 Iowans have now received letters from Nationwide Insurance Group that some of the information stored on a part of the Nationwide system used by agents and others had been hacked, with the result that some personal identification information may have been exposed to the hackers. As part of the company response, the company has offered free credit monitoring to all of these people in an effort to protect those people from identity theft and financial harm.
Not all of the persons contacted are customers of the company. Some are clients of insurance agents who approached Nationwide's system to get quotes for insurance protection. The clients might well not have known to which insurers brokers and agents submitted requests for quotes. That list could have included Nationwide or one of its affiliates. This could mean that if the recipient has no actual relationship with the company, the Nationwide letter might seem to be erroneous and have no meaning,
Nevertheless, the threat of potential identity theft from this security breach may be real. The credit monitoring offered by the company is a necessary protection and should not be ignored. "We know the company has responded well to this event," said Iowa Insurance Commissioner Susan Voss. "The Nationwide companies located in Iowa contacted us early on, as they did to the Ohio Insurance department as the domestic regulator for the parent company and to law enforcement officials. They soon identified the Nationwide customers and prospective customers who could have been effected, notified those customers and provided a corrective protection plan. But those whose personal information was exposed need to be continuing to check for themselves to make sure cyber-criminals are not victimizing them."
Iowa is the domestic regulator for some Nationwide companies, while Ohio and many other states in which Nationwide does business share in the national regulation and oversight of the company's operations. These states routinely examine these companies for solvency, compliance with state laws and with systems in the company. The information system that was hacked is one of them, so state regulators will be considering any vulnerabilities that were exploited and seeking to assure that those vulnerabilities are addressed.
Nationwide company representatives will be appearing tomorrow as part of a regular meeting of the state insurance regulators for all states at the National Association of Insurance Commissioners Conference in the Washington DC suburb of National Harbor, MD. These regulators will have the opportunity to clarify the nature and scope of the problem and understand the potential risk to any persons in contact with the company and its information system.
"Cyber-crime and identity theft can hit anyone, and any company." Voss said, "We're working with Nationwide and all the companies we examine to make their operations as secure as possible for customers of the insurance industry in Iowa and everywhere."
Recipients of the letters from Nationwide are welcome to call the Iowa Insurance Division on its toll-free line, 877-955-1212 if they have questions.
TNS mv45 121201-4125792 61MarlynVitin