Genworth, big insurance company, was hacked; Cisco IOS or F5 vulnerabilities?

Insurance company Genworth Financial (present on the prestigious Fortune 500 list) has just revealed that it has been the victim of a cybersecurity incident involving unauthorized access to its systems, which compromised the accounts of some of its insurance agents. Apparently, the hackers gained access after stealing the login credentials of a company employee.

The United States-based insurer generated revenue of more than $8 billion USD during the last fiscal year, and recently announced that it reached an agreement with China Oceanwide Holdings Group under which the Asian company will absorb Genworth for an unspecified amount (about $2.7 billion USD).

According to the company’s report, the incident was detected on April 20 after some agents reported unusual activity on their accounts. The intrusion allowed threat actors to access confidential documentation, including financial details: “We began an internal investigation immediately after detecting the incident, which led us to discover that our agents’ login credentials had been compromised,” the report from Genworth’s security team says.

The risks arising from this incident depend on the type of account compromised, but in general, threat actors may have accessed records with the following data:

  • Full names
  • Addresses
  • Date of birth and age
  • Financial information
  • Social security numbers

In response to the incident, Genworth temporarily disabled the compromised user accounts to keep the problem from growing: “From enabling these security measures the detection of unauthorized activity was stopped,” Genworth’s computer security team says.

The insurance company added that the competent federal authorities have already been notified, so the Federal Bureau of Investigation (FBI) could begin collaborating on the investigation in the coming hours.

On several occasions, Genworth has emphasized that the cybercriminals used these stolen credentials to log in to a platform used only by its insurance agents. Although the exact number of people affected has not been determined, it is believed that hackers could have compromised up to 1,600 records. As part of its incident response process, the company offers one year of identity theft and electronic fraud protection services to all potentially affected users.

Additional details about the incident may eventually be disclosed by the company.