Cyber Incident Victim: New York Life Insurance Company
Date:
Dec 2025
Location:
United States of America
Summary
New York Life Insurance Co. discovered unauthorized access to one of its agents' email accounts and, after securing the account and completing an investigation, confirmed that the compromised account contained some clients' personal information. The exposed data included names, addresses, Social Security numbers, driver's license numbers, financial information such as account or credit/debit card numbers, medical information, health insurance information, and dates of birth. Individuals who received a breach notification may face an increased risk of identity theft and fraud, prompting a national class action law firm to launch an investigation into potential legal claims.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
New York Life Insurance Co. learned of an incident on or about December 2, 2025. On that date the company discovered unauthorized access to one of its agents' email accounts. After securing the account, the insurer conducted a detailed investigation. On April 8, 2026, the company confirmed that the compromised account contained some clients' personal information.
The exposed personal data included names, addresses, Social Security numbers, driver's license numbers, financial information such as account or credit/debit card numbers, medical information, health insurance information, and dates of birth. Individuals who received a data breach notification from New York Life Insurance Co. may face an increased risk of identity theft and fraud.
On May 17, 2026, Edelson Lechtzin LLP, a national class action law firm, announced that it is investigating data privacy claims arising from the New York Life Insurance Co. breach. The firm is offering free case evaluations to individuals who may have been affected. Edelson Lechtzin LLP will evaluate potential claims and pursue legal remedies on behalf of those whose sensitive personal data may have been compromised. The firm's offices are located in Pennsylvania and California.