2023-06-30 F&G Annuities & Life, Inc. Cybersecurity Incident

Page last updated on April 11, 2024

F&G Annuities & Life, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-06-30 07:00:58 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date:
Disclosure Date: 2023-06-30
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2023-06-30

F&G Annuities & Life, Inc. filed an 8-K at 2023-06-30 07:00:58 EDT
Accession Number: 0001934850-23-000046

Item 8.01 Other Events.

F&G Annuities & Life, Inc. (“F&G” or the “Company”) was recently notified that PBI Research Services (“PBI”), a third-party vendor to F&G, was the victim of the security incident associated with the MOVEit file transfer system. PBI provides services to F&G and other companies in the insurance industry, including services to satisfy certain regulatory obligations related to identifying the deaths of insured persons that may trigger the payment of certain insurance benefits. It has been widely reported that numerous organizations around the world, including Fortune 500 companies, governmental agencies, and non-governmental organizations, were affected by a zero day vulnerability in the MOVEit file transfer system. This vulnerability resulted in access to PBI’s instance of the MOVEit system and acquisition of certain data within the MOVEit system by an unauthorized third party.

Based on the information provided by PBI, F&G understands that the impacted information includes personal information related to a significant number of F&G’s policyholders and other customers of its insurance businesses. While the investigation of the incident and impacted information remains ongoing, F&G understands that the impacted personal information includes social security number and date of birth for approximately 873,000 policyholders or customers. F&G is working with PBI to determine the identity of impacted individuals, and will notify impacted individuals and relevant regulators. F&G is also working with PBI to provide resources to impacted customers including credit monitoring services and identity theft restoration.

PBI has advised that the incident is contained and that PBI has addressed and remediated the vulnerability in the MOVEit system.

The incident did not affect any F&G systems, including any of F&G’s financial systems. In addition, the incident did not affect F&G’s ability to serve its customers.

F&G is investigating whether any of its other third-party vendors were affected by the MOVEit incident and, if so, whether any F&G data was impacted.

F&G will continue to assess the impact of the incident, including remediation costs, notifications expenses, and other potential liabilities. At this time, F&G does not believe the incident will have a material impact on its business, operations, or financials.

For more information concerning this event visit www.fglife.com/moveit

Company Information