Cyber Incident Victim: Genworth Financial
Date: Apr 2020
Location: United States of America
Summary
A Fortune 500 insurance firm experienced a data breach when unauthorized actors accessed insurance agents' online accounts using credentials compromised outside the company's systems. The attackers potentially viewed documents containing personal and financial information—including names, addresses, Social Security numbers, and signatures—belonging to approximately 1,600 individuals associated with the compromised agent accounts. The company disabled affected accounts upon discovery, initiated monitoring for suspicious activity, and confirmed no further unauthorized access occurred. Federal authorities were notified, and impacted individuals were offered credit monitoring services. The incident did not involve a breach of the firm's internal infrastructure, with exposure limited to policy data accessible through the agents' portal.
Description
Genworth Financial, a Fortune 500 insurance holding company specializing in U.S. mortgage and long-term care insurance, detected unauthorized access to insurance agents' online accounts on April 20, 2020. The company’s investigation revealed that attackers used compromised login credentials belonging to third-party insurance agents to gain entry to a proprietary online portal designed for agents and producers to manage policies. These credentials were obtained externally and not through a breach of Genworth’s own systems. The unauthorized access enabled the perpetrators to view documents containing sensitive personal and financial information submitted by individuals during insurance or annuity applications. The exposed data included combinations of names, addresses, ages, genders, dates of birth, financial information, Social Security numbers, and signatures. Approximately 1,600 individuals were potentially affected by the incident, with the compromised data limited exclusively to policies associated with the agents whose credentials were misused. Genworth confirmed its internal infrastructure remained secure and emphasized the breach stemmed solely from third-party credential compromise rather than a direct system intrusion.

Upon discovery, Genworth immediately disabled the compromised agent accounts to prevent further unauthorized access while maintaining continuous monitoring of the accounts and associated policies for suspicious activity. The company engaged federal authorities to investigate the breach and stated no evidence of subsequent unauthorized actions had been identified following the containment measures. As part of its response, Genworth notified affected individuals and offered a one-year subscription to credit monitoring and identity resolution services through ID Experts to mitigate potential fraud or identity theft risks. This incident marked the second disclosed breach for Genworth, following a 2014 notification related to the recovery of long-term care certificate holders’ information during a federal criminal investigation. The 2020 breach occurred amid Genworth’s pending acquisition by China Oceanwide Holdings Group, a transaction valued at $2.7 billion, though the breach disclosure did not reference any impact on the deal.
