More details are coming out about a massive October 3rd data breach at Nationwide Mutual Insurance. The company reported to the North Carolina Attorney General that as many as 1.1 million Americans’ personal information may have been exposed, revealed Iowa Attorney General Tom Miller. Nationwide reported the breach to police and disclosed it to the public almost immediately in October, but this is the first time we've heard the full scope of the intrusion. The attack is believed to have originated overseas, and according to the insurer, resulted in the theft of names, birth dates, social security numbers, and driver’s license numbers. While Nationwide attempts to reassure customers that it does not “have any reason to believe any information stolen in the attack has ben misused,” it doesn't take much imagination to picture the kind of risk for fraud a data set of this size could generate. In order to lower that risk, the company is extending a Credit Watch service and identity theft insurance to those affected.
Since the data comes from customers and others asking for insurance quotes, credit card numbers were not part of the stolen information, unlike the victims of last year's much larger PlayStation Network hack. But the effects of these kinds of data breaches are nevertheless far-reaching, with financial fraud being only the most immediate risk. As we reported in October, personal data can be used to de-anonymize many other kinds of information, ranging from medical records to personal web browsing histories.