Colonial Life & Accident Insurance Company Confirms Latest Data Breach in Official Filing | Console and Partners, PC
Recently, Colonial Life & Accident Insurance Company filed an official report of a data breach that affected tens of thousands of people. According to Colonial Life’s most recent filing, the breach resulted in the compromise of names, social security numbers, addresses, financial account information, and protected health information. On May 23, 2022, Colonial Life sent out privacy breach letters to all affected parties, notifying them of the incident.
If you’ve received a data breach notification, it’s important that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from being a victim of fraud or identity theft, and what your legal options are after Colonial Life’s data breach, please read our recent article on the subject here.
What is known about the Colonial Life data breach?
The Colonial Life & Accident Insurance Company data breach was only recently reported. Therefore, very little is known about the details of the violation and the background to the incident. However, according to the company’s original filing, Colonial Life’s breach resulted in the following consumer data being compromised:
social security numbers,
driver’s license numbers,
Government-issued identification numbers,
financial account information,
Medical information and
On May 23, 2022, Colonial Life sent out privacy breach letters to anyone whose information was compromised as a result of the recent data security incident.
Colonial Life & Accident Insurance Company is an insurance company based in Columbia, South Carolina. Colonial Life offers a wide range of insurance products, including life insurance, disability insurance, cancer insurance, critical care insurance, and health and dental insurance. The company was founded in 1937 and operated independently until 1993 when it became a wholly owned subsidiary of Unum Group, a Tennessee-based insurance company. Colonial Life employs more than 11,200 people and has annual sales of approximately $5 billion.
Are companies required to report data breaches?
Yes, every state has laws on the books that require businesses to notify consumers whose information has been affected by a data breach about a data breach. However, just because a breach has occurred does not necessarily mean that a company must report it. In general, the laws of most states only require companies to disclose violations that affect consumers’ personal information.
However, since federal law does not include a data breach notification requirement, there is no universally accepted definition of what “personal information” is, as it is up to each state to define the term. The result is that a violation that needs to be reported in one state may not need to be reported in another state.
Typically, the data breach notification requirement has two purposes. First, receiving notification of a data breach gives consumers the opportunity to mitigate the potential harm related to the breach by taking appropriate action. This often involves closing compromised accounts, reissuing credit cards, signing up for credit monitoring, and closely monitoring one’s financial accounts and credit reports.
The second goal of data breach notification laws is to encourage companies to take the lead when it comes to implementing a robust data security system. If companies know they need to report a data breach, they’re likely to be more cautious about how they handle consumer information for fear of public backlash. In this way, strict data breach notification laws can actually reduce the number of data breaches.
If you have recently been affected by a data breach and want to learn more about your rights and possible remedies, contact a data breach attorney for assistance.