Cyber Incident Victim: New York Life Insurance Company

On May 30-31, 2023, New York Life Insurance Company experienced an external system breach involving unauthorized hacking activity. The breach was discovered on May 31, 2023, the same day the intrusion concluded. Attackers acquired sensitive personal information including names combined with Social Security Numbers. The incident impacted 30,167 individuals nationwide, including 38 residents of Maine. This marked at least the fourth breach event disclosed by the company within a twelve-month period, following previous notifications issued on August 10, August 11, and August 21, 2023. The company, headquartered at 51 Madison Avenue in New York City, classified the incident under Maine's breach reporting requirements due to affected policyholders residing in that state.

New York Life Insurance Company initiated written notifications to impacted consumers on October 23, 2023, approximately five months after breach discovery. Affected individuals received details about the compromised data types alongside an offer for identity protection services. The company provided 12 months of Experian IdentityWorks, which included access to Experian credit reports, active monitoring for fraud indicators within Experian's database, identity restoration assistance from specialists, and $1 million identity theft insurance coverage. Documentation submitted to Maine regulators included a sample notification letter labeled "EXPERIAN_Job42811d22_AndesaServices.pdf." The breach reporting was formally submitted by Associate General Counsel Linda Beebe via official channels to state authorities, consistent with regulatory obligations for incidents affecting Maine residents. No additional technical details regarding attack vectors, containment measures, or system vulnerabilities were disclosed in the regulatory filing.