Sun Life is an international security and health partner which offers various services for employees. Some of their services include life insurance, disability solutions, and supplemental health options. Sun Life uses a third-party provider, Pension Benefit Information (PBI), to complete research services. However, PBI recently notified Sun Life about a massive data breach—impacting over 200,000 Sun Life members.
PBI’s breach occurred as a consequence of the global MOVEit breach. MOVEit is a file transfer service that allows for the fluid movement of organization files. Earlier this year, MOVEit discovered a zero-day vulnerability, which resulted in thousands of organizations around the world reporting subsequent data breaches.
The unauthorized party purportedly accessed MOVEit servers on or around May 29th and 30th, 2023. On May 31st, Progress Software—MOVEit’s provider—announced the zero-day vulnerability within their application. Organizations worldwide subsequently opened internal investigations; PBI recently completed their review.
The Maine Attorney General’s office filing states that 212,129 individuals may feel the impact of this breach. The breached data likely belongs to clients, but experts may discover employee data as the investigations continue.
Though the Maine filing gives a massive victim figure, the full scope of the attack remains unknown. Those at risk following this breach must implement information defenses immediately; don’t wait until bad actors enter your accounts to take action.