Unum Group (“Unum”), and its subsidiaries, including Starmount Life Insurance Company, are providing notice about a security incident that may have involved certain personal information about some of our customers, primarily related to our U.S. dental and vision businesses.
The incident involved MOVEit Transfer, a file transfer application made available by Progress Software Corporation (“Progress”) that Unum and many other organizations in the U.S. and globally used to handle certain data transfers. As detailed in a June 7, 2023, U.S. government advisory, there has been widespread exploitation of a security vulnerability in MOVEit Transfer, which has reportedly impacted hundreds of organizations.
On June 1, 2023, Unum detected suspicious activity involving an instance of its MOVEit Transfer application. Unum promptly launched an investigation with the assistance of third-party cybersecurity experts. Unum took several steps to respond, including taking MOVEit Transfer offline, implementing vendor-recommended actions including application of patches as Progress made them available, notifying law enforcement, and monitoring publicly available information regarding this vulnerability.
On June 4, 2023, the investigation identified evidence that between May 31 and June 1, 2023, an unauthorized party had exploited the MOVEit security vulnerability to copy a subset of data. Beginning on July 22, 2023, Unum was able to ascertain the nature of the personal information that was impacted.
The information involved varied by individual and may have included name, date of birth, address, Social Security number or individual tax identification number, medical, health insurance claim, and policy information. Financial information and other government issued identification numbers were involved for a limited number of individuals.
Individuals identified as impacted will receive notice where a valid mailing address is available. The notice will include specific information about how to enroll in free credit monitoring and identity protection services. Impacted individuals are advised to remain vigilant by reviewing their account statements and monitoring their free credit reports for signs of suspicious activity.
Unum takes its responsibility to safeguard personal information seriously and continues to enhance its security controls to protect from cyber threats.
Please call 833-309-0979, Monday through Friday between 8 a.m. and 10 p.m. Central, Saturday and Sunday between 10 a.m. and 7 p.m. Central with any questions (use reference number B099067).