Jackson National Life Insurance is a major insurance company in Lansing, Michigan. The organization employs close to 3,000 individuals and has an annual revenue of $14.4 billion, meaning they deal with a huge number of customers each year. With so many customers, it's alarming to learn the organization was hit by a data breach recently.
There isn't an official accounting of the data taken from Jackson National Insurance in connection with this data breach yet, but it's likely that a substantial amount of personal customer data was lost. We suspect details such as SSNs, birth dates, phone numbers, addresses, emails, and much more were lost in the breach. Anyone that may have been impacted by the breach will have to wait for official statements and letters to come out to learn more.
Jackson National Insurance relies on a third-party provider known as PBI Research Services. The company handles IT Services for the organization and stores large amounts of data for Jackson customers. PBI relied on the MOVEit secure file transfer solution to move and manage its documents. This service was just hacked and exploited heavily by the C10P ransomware gang. The gang has been stealing Terabytes of data from dozens of organizations and then demanding ransom payments to keep from leaking the information online.
The company filed Form 8-K on June 26, 2023, but we suspect the breach occurred earlier, either at the end of May or the beginning of June.
While we don't know specifically who the Jackson National Insurance breach impacts, it's likely that customers were mostly exposed by this breach. The company deals with a huge amount of customer information, making it the most likely target. Other than customers, it's possible that some employees were also exposed by this breach.
We suspect thousands of files were involved in the Jackson National Life breach. We don't have an actual count, but organizations that released information about the MOVEit file breach reported massive numbers of files taken.