MOVEit Security Event
UPDATE – August 9: Many Genworth customers and some agents were impacted by a cybersecurity event and are currently receiving written letters from both PBI, a Genworth vendor (logo below), and Genworth regarding the vulnerability in the MOVEit file transfer software. These letters are legitimate. The PBI letter explains how to access 24 months of free credit monitoring and identity restoration services from Kroll, a global leader in risk mitigation and response. To activate this coverage, you will need:
A web browser
Your membership number from the PBI letter
The affected individual’s name, zip code, social security number and email address
Answers to standard credit verification questions (past addresses, loan payment amounts, previous vehicles owned, etc.)
If you lost or misplaced your letter from PBI, please call Genworth (888.436.9678, Option 1) for assistance activating your coverage.
If you have received your letter from PBI, please follow those instructions in the letter to activate your coverage.
Please note: We are experiencing higher-than-usual call volumes due to the security event. Please see the FAQs below to help answer your questions, including:
This page contains FAQs specific to the MOVEit security event.
Background Information
Q: What happened?
PBI advised Genworth of a security event connected to the vulnerability in the MOVEit file transfer software that PBI uses. The estimated occurrence of the event was May 29, 2023, and the estimated end date was May 30, 2023. On June 2, 2023, PBI implemented the patches (or fixes) provided by Progress Software, the producer of MOVEit.
On June 16, 2023, PBI advised Genworth that specific Genworth files containing policyholder and agent information were compromised due to a security event that took advantage of a vulnerability identified in the widely-used MOVEit file transfer software that PBI uses.
Q: What is MOVEit?
MOVEit Transfer is a managed file transfer software solution that allows an organization to securely transfer files between parties.
Q: Who is PBI? What do they do for Genworth?
PBI Research Services, or PBI, is a third-party vendor that Genworth uses to satisfy regulatory obligations to scan social security data to determine whether a policyholder may have passed and triggered death benefits under a life insurance policy or annuity contract. We also use PBI to identify deaths that have occurred across our other lines of insurance, and of insurance agents to whom we pay commissions.
Q: What Genworth data was accessed?
The event included personal information for approximately 2-5-2.7 million individuals who are either customers or insurance agents. The personal information accessed included life insurance, individual and group long-term care insurance, and annuity customers.
For customers, the exposed information includes one or more of the following: social security number, first and last name, date of birth, zip code, state of residence, policy number, the role of the individual (ex. Annuitant, Joint Insured, Owner, etc.), and general product type. If deceased, the exposed information also includes the city and date of death, along with the source of that information.
For agents, the exposed information includes social security number, first and last name, date of birth, full address, and a preferred full address. If deceased, the exposed information also included date of death and the source of that information.
Q: Were Genworth systems involved in the attack?
No. Genworth can confirm that none of its information systems or business operations were impacted as a result of the incident with PBI. Genworth does not use the MOVEit (or similarly impacted GoAnywhere) software applications on any company system.
Q: How is Genworth making sure this doesn't happen again?
At Genworth, we have implemented technical, physical, and process safeguards to maintain the confidentiality of customer information. Further, we require third parties that receive and store the personal information of our customers to take similar steps, and we work to understand the measures they have taken.
While the MOVEit event has impacted various organizations globally, Genworth will continue to focus on and seek opportunities to improve how third parties protect the data of our customers.
Who Was Affected
Q: Whose Genworth data was accessed?
The event included personal information for approximately 2-5-2.7 million individuals who are either customers or insurance agents. The personal information accessed included life insurance, individual and group long-term care insurance, and annuity customers.
For customers, the exposed information includes one or more of the following: social security number, first and last name, date of birth, zip code, state of residence, policy number, the role of the individual (ex. Annuitant, Joint Insured, Owner, etc.), and general product type. If deceased, the exposed information also includes the city and date of death, along with the source of that information.
For agents, the exposed information includes social security number, first and last name, date of birth, full address, and a preferred full address. If deceased, the exposed information also included date of death and the source of that information.
Q: My family member had a policy/contract with Genworth, but passed away recently. Was their data affected?
Their data may have been affected by the security event. If their data was affected, their family or personal representative will receive the written letter from PBI with information on how to protect your loved one’s information. Please consider reviewing this information to protect the estate of your family member from identity fraud.
Q: I am an insurance agent, can you tell me which of my clients' information was exposed, so I can reach out to them?
We can confirm that it was a very significant portion of our customers across long-term care insurance, life insurance, and annuities. It may be helpful for you to reinforce with your Genworth clients that they may receive these notices and will be eligible for credit monitoring and identity theft protection benefits.
Credit Protection Coverage
Q: Could you tell me what my or my deceased relative’s regulatory PBI/Genworth letter says?
Please see following links to the template letters:
PBI’s template letter for all states except for Massachusetts for impacted living individuals
PBI’s template letter for all states except for Massachusetts for impacted deceased individuals
PBI’s template letter for impacted living Massachusetts residents
PBI’s template letter for impacted deceased Massachusetts residents
Genworth’s letter for impacted living residents of Rhode Island
Q: What is being done for those individuals' whose information was involved in the attack?
Affected individuals will receive a written letter from PBI with instructions on how to access 24 months of credit monitoring and identity restoration services from Kroll, a global leader in risk mitigation and response. These services include fraud consultation and identity theft restoration services. There will be no cost to individuals for these services, but affected individuals will need to complete the membership activation process. You should not have to provide any payment information to Kroll. The coverage will not automatically renew at the end of the two years.
Q: How is Genworth making sure this doesn't happen again?
At Genworth, we have implemented technical, physical, and process safeguards to maintain the confidentiality of customer information. Further, we require third parties that receive and store the personal information of our customers to take similar steps, and we work to understand the measures they have taken.
Q: I never received a letter from PBI. Can I still activate my protection?
PBI is mailing notification letters in batches through the month of August, so you may not have received your letter yet. If you think your letter may be missing, please call Genworth (888.436.9678, Option 1) for assistance.
Q: I threw away/misplaced my letter from PBI. Can I still activate my protection?
Please call Genworth (888.436.9678, Option 1) for assistance activating your coverage. There's a chance that your membership number from the PBI letter has now expired. If that's the case, Genworth can help you secure comparable coverage through another vendor at no cost to you.
Steps to Take Now
Q: What can I do now?
Keep an eye out for the PBI mailing and consider activating the 24 months of free credit monitoring and identity restoration services from Kroll. Further, you can add a password to your Genworth account to add a level of security in accessing your policy, along with these general identity protection tips:
Consider freezing your credit. Placing credit freezes and/or fraud alerts with the three credit bureaus—Equifax, Experian, and TransUnion—is a way to prevent misuse of your information. You can learn more about those options here.
Limit solicitation by opting out. Sign-up for the Federal Trade Commission's "Do Not Call" list and the Email Preference Service with the Direct Marketing Association (DMA). Many phone carriers also offer scam blocking services as a part of your plan.
Use strong passwords for online accounts. Click here for guidance from the US Cybersecurity & Infrastructure Security Agency on choosing and protecting your passwords.
Do not click on unknown links, QR codes or attachments. Links and attachments can come from emails, text messages, websites, calendar invitations and social media posts, often disguised as a legitimate products, companies or even your friends, family, or colleagues
POLICYHOLDERS
Please contact us at:
888 GENWORTH
(888.436.9678)
Monday – Thursday:
8:30 AM – 6 PM ET,
Friday:
9 AM – 6 PM ET
SHAREHOLDERS
Please contact Investor Relations by email.
MEDIA
Please contact Amy Rein or Danielle Bolt