Skip to main content

Over 40,000-Person Data Security Breach

August 11, 2023

Department Advises of Large-Scale Data Security Breach Affecting About 42,000 Vermonters

For Immediate Release

Contact: Victoria Hudson, Information Management Officer | 802-828-4872 |

MONTPELIER, Vt. — The Vermont Department of Financial Regulation was notified that a large-scale data security breach has compromised the personally identifiable information of roughly 42,000 Vermonters and over 38 million consumers nationwide. The breach occurred when the CLOP Ransomware Gang, a known threat actor, infiltrated the MOVEit file transfer software used by many organizations both public and private. The Department first issued a consumer alert about this breach on July 19, 2023.

As of this week, 43 companies, regulated by the Department or associated with a regulated entities’ data, have reported data breaches related to the MOVEit file transfer software. Those 43 companies include the following:

1.    American General Life Insurance Company; 
2.    American National Group; 
3.    Ameriprise Financial;
4.    Athene Annuity and Life Company; 
5.    Bank of Burlington; 
6.    Darling Consulting Group; 
7.    Elips Life Insurance Co.;
8.    CMFG Life Insurance Company; 
9.    Continental General Insurance Company; 
10.    Corebridge Financial, Inc.; 
11.    Fidelity & Guaranty Life Insurance Company; 
12.    Fidelity Life Association; 
13.    Genworth North America Corporation; 
14.    Hartford Life and Accident Insurance Company;
15.    Illumifin Corporation;
16.    Jackson National Life Insurance Company;
17.    Lombard International Life Assurance Company;
18.    Lumico Life Insurance Co.;
19.    Mass Mutual Ascend;
20.    Members Life Insurance Company;
21.    Manhattan National Life Insurance Co.;
22.    Milliman; 
23.    New York Life Insurance Company;
24.    Northwestern Mutual;
25.    PBI Research Services, Inc.; 
26.    Progressive Software Services; 
27.    Prudential Insurance Company of America;
28.    RiverSource Life Insurance Company;
29.    Sovos Compliance, LLC;
30.    Starmount Life Insurance Co.;
31.    Sun Life and Health Insurance Company (U.S.);
32.    Sun Life and Health Insurance Company of Canada (U.S.);
33.    Talcott Resolution Life and Annuity Insurance Co.; / Talcott Resolution Life Insurance Company
34.    Teachers Insurance and Annuity Association of America;
35.    TIAA Kaspick, LLC;
36.    TIAA-CREF Life Insurance Company;
37.    Transamerica Life Insurance Company ;
38.    Union Fidelity Life Insurance Company;
39.    Union Labor Life Insurance Company;
40.    Union Security Insurance Company;
41.    United Healthcare Student Resources;
42.    Unum Insurance; and
43.    Wilton Reassurance Company.

New companies are reporting breaches weekly and this list is subject to change. 

Many impacted entities were impacted through a third-party called PBI Research Services, Inc. (PBI). PBI provides third-party services to numerous insurance companies doing business in Vermont. For most companies impacted through their partnership with PBI, PBI has sent notices directly to impacted Vermonters. 

If your information was compromised in the breach, you should receive a letter from PBI, or one of the entities listed above. That letter will provide additional information about the breach and detail what personal information was implicated. The letter also provides a code to sign up for identity and credit protection. For more information on the specifics of this breach, we encourage impacted consumers to reach out to PBI or one of the entities listed above. 

The Department encourages all Vermonters to remain vigilant against incidents of identity theft and fraud, to review account statements and to monitor your free credit reports for suspicious activity and to detect errors. 

Use link for PDF version of this release.