Recently, Colonial Life & Accident Insurance Company filed an official report of a data breach affecting tens of thousands of people. According to Colonial Life’s most recent filing, the breach resulted in the compromise of names, social security numbers, addresses, financial account information and protected health information. On May 23, 2022, Colonial Life sent data breach letters to all affected parties notifying them of the incident.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself against fraud or identity theft and what your legal options are following the Colonial Life data breach, please see our recent article on the subject.
What is known about the Colonial Life data breach
The Colonial Life & Accident Insurance Company data breach was only recently reported. Thus, very little is known about the details of the breach and what led to the incident. However, according to the company’s initial filing, Colonial Life’s breach compromised the following consumer data:
social security numbers,
driver’s license numbers,
government-issued identification numbers,
financial account information,
medical information, and
On May 23, 2022, Colonial Life sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
Colonial Life & Accident Insurance Company is an insurance company based in Columbia, South Carolina. Colonial Life offers a wide range of insurance products, including life insurance, disability insurance, cancer insurance, critical care insurance, and health and dental insurance. The company was founded in 1937 and operated independently until 1993 when it became a wholly owned subsidiary of Unum Group, a Tennessee-based insurance company. Colonial Life employs more than 11,200 people and generates approximately $5 billion in annual revenue.
Do companies have an obligation to report data breaches?
Yes, every state has laws in place requiring companies to notify consumers whose information has been affected by a data breach. However, just because a breach has occurred does not necessarily mean that a company is required to report it. As a general rule, most state laws only require companies to disclose breaches that affect consumers’ personally identifiable information.
However, since federal law does not contain a data breach notification requirement, there is no universal definition of what constitutes “personally identifiable information”, as it is up to each state to define the term. The result is that a breach that must be reported in one state may not need to be reported in another state.
Generally, the intent of the data breach notification requirement is twofold. First, receiving a data breach notice gives consumers the opportunity to mitigate potential damages associated with the breach by taking appropriate action. Often this includes closing compromised accounts, reissuing credit cards, signing up for credit monitoring, and closely monitoring one’s financial accounts and credit reports.
The second purpose of data breach notification laws is to encourage businesses to step up when it comes to implementing a robust data security system. If companies know they need to report a data breach, they are likely to be more careful about how they handle consumer information for fear of backlash from the public. In this way, strict data breach reporting laws can actually reduce the number of breaches.
If you’ve been affected by a recent data breach and want to learn more about your rights and potential remedies, contact a data breach lawyer for help.