More than 37,500 Delaware agents, policyholders, beneficiaries impacted
Following the receipt of additional data breach reports from insurers, including those related to the breach of the MOVEit file transfer services system used by third-party vendors, the Delaware Department of Insurance is updating this consumer alert and will be updating the online posting as information is received.
Residents who may be agents, policyholders, or beneficiaries of the following insurers should be aware that their personal data may have been compromised, and should watch for contact:
| Company Name(s) | Potential Delawareans Impacted |
| Teachers Insurance and Annuity Assoc. | 8,799 |
| Genworth Life Insurance Company Genworth Life and Annuity Insurance Co. Genworth Life Insurance Co. of NY |
8,897 |
| Humana | 6,600 |
| Wilton Reassurance Company Wilton Reassurance Life Co. of NY Wilcac Life Insurance Co. Texas Life Insurance Co. |
1,405 |
| Highmark Blue Cross Blue Shield Delaware | 4,128 |
| Fidelity & Guaranty Life Insurance Co. | 3,460 |
| MassMutual Ascend Life Insurance Co. Annuity Investors Life Insurance Co. Manhattan National Life Insurance Co. |
3,123 |
| Hartford Life & Accident Co. | 2,922 |
| Talcott Resolution Life Insurance Co. Talcott Resolution Life and Annuity Ins. Co. |
2,030 |
| The Independent Order of Foresters | 1,539 |
| Lumico Family Lumico Life Insurance Co. Elips Life Insurance Co. Swiss Re Life & Health America |
1,379 |
| Progressive Casualty Insurance | 1,239 |
| Fidelity Life Assoc. | 1,193 |
| American National Insurance Co. | 711 |
| Sun Life and Health Insurance Co. Sun Life Assurance Company of Canada |
615 |
| RiverSource Life Insurance Co. | 459 |
| Disability Reinsurance Management Services, Inc. | 293 |
| Nassau Life and Annuity Co. | 259 |
| Unum | 257 |
| TransAmerica Life Insurance Co. | 253 |
| Delaware Life Insurance Company Clear Spring Life and Annuity Company |
250 |
| Athene Annuity & Life Assurance Co. | 206 |
| Brighthouse Life Insurance Co. | 151 |
As shared during a June 26 consumer alert, the MOVEit data breach and other data security events trigger Delaware’s Insurance Data Security Act, which in addition to proactive data security measures and other requirements, mandates the following occur:
- Investigation of a cybersecurity event and correction of compromised information systems
- Detailed reporting to the Insurance Commissioner
- Notification to consumers within 60 days, except in cases where federal law or law enforcement agencies require or request modified timelines
Consumers must be provided credit monitoring services at no cost for a period of at least one year in addition to receiving information regarding freezing one’s credit
Insurance Commissioner Trinidad Navarro encouraged consumers to protect their identities and reassured residents that the breach will be investigated thoroughly. “I take any breach of personal information very seriously, and encourage consumers affected to utilize the identity and credit protection services offered. Our Market Conduct staff, likely alongside investigators across the country, will work to investigate the situation and assess if appropriate safeguards were in place for the handling of data.”
The department worked with the General Assembly in 2019 to pass the Insurance Data Security Act and was one of the first states to implement the National Association of Insurance Commissioner’s model law. The law is an effort to fortify security measures and protect consumer data. It requires insurance companies and their vendors to follow certain data protection and breach protocols, including notification. The department may investigate violations of the Act and levy penalties accordingly.
Consumers should consider freezing their credit report due to the incident.
[Last Update: August 16, 2023 – Insurer and Producer added; Impact counts amended]