Unum And Paul Revere Life Insurance Cos. To Pay $1.8M Penalty For Cybersecurity Violations
New York Superintendent of Financial Services Linda A. Lacewell announced that First Unum Life Insurance Company of America and Paul Revere Life Insurance Company will pay a $1.8 million penalty to New York State for violations of DFS’s Cybersecurity Regulation that caused the exposure of a substantial amount of sensitive, non-public, personal data belonging to their customers, including thousands of consumers nationally and hundreds in New York.
“The Department requires all regulated licensees to prioritize cybersecurity and safeguard consumer personal, non-public data,” said Superintendent Lacewell. “The cornerstone of our Cybersecurity Regulation is ensuring that all private data is protected, and this is not just an aspirational goal. We remain committed to ensuring that cybersecurity is treated with the urgency it requires so as to best protect New York consumer data.”
The Companies, licensed life insurance companies, collect private data during their day-to-day operations. The Department’s investigation found that the Companies had been the subject of two phishing attacks in 2018 and 2019.
These cyberattacks, which involved phishing emails designed to harvest employee email account credentials, compromised the email accounts of several First Unum and Paul Revere employees, who have access to a significant amount of sensitive and personal data of the Companies’ customers.
The investigation uncovered, among other things, that First Unum and Paul Revere violated the DFS Cybersecurity Regulation by failing to implement Multi-Factor Authentication (“MFA”) without implementing reasonably equivalent or more secure access controls approved in writing by the Company’s Chief Information Security Officer. Further, both First Unum and Paul Revere falsely certified compliance with the Cybersecurity Regulation for the calendar year 2018 because MFA was not fully implemented.
As part of the settlement, the Companies agreed to pay a $1.8 million monetary penalty and to implement further improvements to their existing cybersecurity program to ensure that their cybersecurity controls are fully compliant with the Cybersecurity Regulation.
DFS’s Cybersecurity Regulation became effective in March 2017. The Cybersecurity Regulation was drafted with substantial industry input: DFS surveyed nearly 200 regulated banking institutions and insurance companies, met with a cross-section of those surveyed and cybersecurity experts during the drafting period, and granted two rounds of notice and comment. Additional implementation time was granted for multiple provisions, and the regulation was not fully in effect until March 2019.
DFS’s Cybersecurity Regulation has served as a model for other regulators, including the Federal Trade Commission, multiple states, the National Association of Insurance Commissioners, and the Conference of State Bank Supervisors.



