Two US Insurance Companies Warn of Data Breach After SIM-Swapping Attack

Two US insurance companies are warning that thousands of individuals’ personal information may have been stolen after hackers compromised computer systems.

Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group, were targeted by SIM-swapping hackers in November 2023.

SIM-swapping attacks involve fraudsters tricking customer support staff at a cellphone operator into giving them control of someone else’s phone number. This allows the fraudster to receive the victim’s phone calls and SMS messages, including two-factor authentication tokens.

A breach notification letter sent by Washington National Insurance to 20,360 affected individuals explains that a SIM-swapping attack on a “senior officer’s phone number” allowed the hackers to bypass multi-factor authentication.

The company warned that personal information including names, social security numbers, dates of birth, and policy numbers may have been compromised.

Bankers Life sent a nearly identical breach notification letter to 45,842 individuals.

In short, the personal information of some 66,000 people is now in the hands of cybercriminals, who may use it for fraud or further attacks.

SIM swap attacks have been used by cybercriminals to break into systems without authorization, whether to plant ransomware, exfiltrate data, or pilfer cryptocurrency.

SMS-based two-factor authentication is less secure than authentication apps with time-based one-time passwords (TOTP) or hardware keys. Yet companies still leave themselves open to SIM-swapping.

Both insurance companies should clearly talk to their cellphone provider about preventing a similar accident from occurring again. Organizations and individuals should also avoid linking accounts to their phone number and add additional layers of security to their cellphone accounts to make it harder for a criminal to trick a cellphone operator into handing over a number.


Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.

View Articles