PBI’s services help FullscopeRMS and Sun Life pay life insurance and related benefits in a timely manner by complying with regulatory requirements to regularly check external sources, such as government databases including the Social Security Administration, to determine if benefits are due to beneficiaries.
Updated 7/17/2023
A file transfer software called MOVEit, owned by Progress Software, was part of a global cyber-attack. FullscopeRMS, a member of the Sun Life group of companies, is not a MOVEit customer, and our systems, networks and business operations have not been directly affected.
However, one of our vendors, Pension Benefit Information, LLC (known as PBI), advised us that one of its servers was accessed by an unauthorized third party as part of the global attack. Because of this, some U.S. personal member information FullscopeRMS and Sun Life shared with PBI to support our businesses has been accessed. PBI has advised us it is currently not aware of any indications of identity theft or fraud in relation to this event.
We take information security very seriously at FullscopeRMS and Sun Life and are conducting our own investigation alongside PBI to confirm what data was involved. We know that protecting member data is important, and regret that this happened. Working with PBI, in the coming weeks, we will notify members whose personal information was affected.
A list of frequently asked questions (FAQ) follows and will be updated as we learn more.
FAQ
MOVEit is a widely used business-to-business managed file transfer software solution that allows an organization such as PBI to transfer files internally and between parties. Hackers exploited a vulnerability in Progress Software’s technology to access data in the supply chains of organizations around the world, and potentially expose the data.
PBI has advised that the personal information of certain members and account holders of our group life, long-term disability and life premium waiver insurance offered through employers, as well as individual life insurance and group pension annuities, was accessed. While our analysis is ongoing, Sun Life currently understands the personal information accessed by hackers included name, Social Security Number, policy/account number and/or date of birth of some members and account holders.
IMPORTANT: No financial information, such as premium or account values, was exposed. No claim or medical information was exposed. No policy documents were exposed.
We are working with PBI to confirm the member data involved, notify affected members, and provide credit monitoring and identity protection services. We are working as quickly as we can on this with PBI.
We encourage any member to take precautions such as monitoring their accounts and credit history for signs of unauthorized activity. And, while no passwords were exposed, it is always a good idea to regularly change your account passwords.
We encourage all our members to be vigilant and aware of any suspicious activity in their accounts. Placing credit freezes or fraud alerts with your credit bureaus, such as Equifax, Experian, and TransUnion, is always a good way to increase protection to prevent potential misuse of your information.
Working with PBI, we will provide guidance and support directly to members affected by this event as soon as possible.
Contact
If you are a news reporter, please contact Cynthia Michener.
FullscopeRMS is the brand name for services offered through Disability Reinsurance Management Services, Inc., a member of the Sun Life group of companies.