NationsBenefits Data Breach Exposes 3 Million To Identity Theft Featured

Florida-based healthcare management company NationsBenefits suffered a significant cyber attack that compromised the sensitive personal information of millions of customers.

A recently filed class action lawsuit alleges that inadequate network security at the Florida based healthcare management company made it easy for Clop ransomware gang to steal customer data.

In a data security incident notice published on April 13, the company said that around January 30, it suffered a cyber security incident that involved the notorious Clop ransomware gang exploiting a zero-day vulnerability in Fortra’s GoAnywhere MFT file transfer application. The FTA software is used by hundreds of companies worldwide, including NationsBenefits.

What Happened?

According to the Notice of Data Breach, on or around January 30, 2023, at 12:35:30 UTC, a cyber threat actor(s) exploited the zero-day vulnerability—now known as CVE-2023-0669—to access a NationsBenefits GoAnywhere server.

This incident was first discovered by NationsBenefits on February 7, 2023, at approximately 16:02 UTC, when NationsBenefits’ security monitoring team received an alert regarding a potential security event on the impacted MFT server. NationsBenefits promptly contacted Fortra to assist in the investigation of the event. Upon initial review, Fortra advised NationsBenefits that it appeared that NationsBenefits’ instance of GoAnywhere had been subject to unauthorized access as a result of the zero-day vulnerability targeting Fortra’s MFT software. The incident at NationsBenefits was limited to two MFT servers; there is no evidence that the threat actors moved laterally to other applications or systems within the NationsBenefits environment.

What Information Was Compromised?

The information involved in this incident included the following data elements of some health plan members:

  • Name
  • Address
  • Date of Birth
  • Member Identification Numbers
  • Data of Health Plan Coverage
  • Social Security Number
  • Employer Name

What Can Criminals Use This Information For?

Victims of identity theft are now exposed to a lifetime of fraudulent activity. Criminals use this information to:

  • open new financial accounts in victims names,
  • take out loans using victims identities,
  • obtain medical services,
  • use health information to craft phishing and other hacking attacks based on a victims individual health needs,
  • obtain government benefits
  • file fraudulent tax returns
  • obtain drivers licenses
  • give false information to police during an arrest.

What is NationsBenefits Doing To Secure Against Fraudulent Use of My Information?

In recognition of the identity risk victims are exposed to, now and in the future, NationsBenefits announced it will provide victims with two years of Experion identity theft protection at no cost. Beyond that it will be up to the victim to purchase necessary credit monitoring services, impose credit freezes, secure credit reports and take other protective measures to deter and detect against a life-time risk of identity theft.

What Does The Class Action Seek?

The class action alleges that victims of the data breach will continue to suffer unexpected out-of-pocket expenses to protect their identity in the future including lost or diminished value of the PII, emotional distress, and the value of their time to mitigate against the fallout arising from the data breach.

The action seeks remedies including compensatory damages, treble damages, punitive damages, reimbursement of out-of-pocket expenses as well as injunctive relief – including improvements to NationsBenefits data security systems, future annual audits, and adequate credit monitoring services funded by NationsBenefits.

Case Status: Open – Not Accepting New Clients


Leave a Reply

Your email address will not be published. Required fields are marked *