An estimated 1.1 million consumers are at risk of identity theft after thieves broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes.
The breach took place Oct. 3 and was discovered the same day. Nationwide immediately contacted authorities, but it waited to inform consumers directly. Earlier news accounts offered some hints at the scope of the breach, including some 30,000 victims in Florida and Ohio and 90,000 in Iowa.
“Although we are not aware of any misuse of consumers’ information at this time, we have sent letters to notify those individuals whose personal information we believe was compromised, as well as certain additional individuals whose information was or may have been involved, but whom we do not believe had information compromised in the attack,” the company said in a statement released Wednesday.
That personally identifiable information includes names and Social Security numbers, driver’s license numbers and/or dates of birth. It also may include marital status, gender, occupations and the name and address of an employer. The company said there isn’t any indication other sensitive data – such as medical information or credit card numbers — was stolen.
Nationwide hired an outside expert to analyze impacted data and determine who needed to be notified their personal information had been compromised. The Washington Post and other news outlets say the number of notifications is at 1.1 million.
The company is offering a years’ worth of free credit monitoring and up to $1 million in ID theft protection for victims.
Anyone who sought an insurance quote from the two insurers — whether they are notifed or not — should carefully check bank statements for any unusual activity.