Postal inspectors uncover MassMutual customer data during ID theft investigation
Massachusetts Mutual Life Insurance Company (“MassMutual”) recently discovered that an insider had printouts of customer data that might have been used for fraudulent purposes.
In a notification letter [pdf] to the New Hampshire Attorney General’s Office dated September 8, MassMutual Financial Group reported that they had been advised on August 3 by the U.S. Postal Inspection Service that during the course of an ID theft investigation, the Service had
… discovered documents containing the personal information of certain MassMutual customers in an envelope bearing MassMutual’s logo. The Service advised that they had reason to believe that at least some of this personal information had been used for fraudulent purposes. On August 5, 2009, the Service requested, verbally and in writing, that MassMutual delay notification to impacted individuals in order to prevent a compromise of the Service’s investigation.
The documents recovered by the Service appear to be “screen prints” from one of MassMutual ‘s administrative platforms and such documents contained, among other things, individual customer: (i) first and last name; (ii) address, (iii) Social Security number; and (iv) what appear to be financial account number(s). Each screen print also contained a unique identifier for the MassMutual employee who had access to the system at the time the document was printed. All reviewed “screen prints” appear to have been generated by one individual, who left MassMutual ‘s employ in March of 2008.
According to the company, 73 individuals were impacted by the incident, but the company:
… has determined that no fraudulent or suspicious transactions appear to have occurred with respect to the accounts of the customers whose information was compromised by this incident. MassMutual has placed internal warning codes and security measures on these accounts in the event that any transactions are requested in these accounts MassMutual intends to offer the impacted customers reimbursement for costs related to fraud monitoring programs and credit reports.