Canada Life Data Breach Exposes Personal Information of 70,000 Customers

Severity: Medium (Score: 51.9)

Sources: Thenews.Pk, Insurancebusinessmag

Summary

Canada Life has confirmed a cybersecurity breach involving unauthorized access through a single employee account, potentially affecting the personal data of up to 70,000 individuals. The breach was linked to a Salesforce environment, with the criminal group ShinyHunters claiming responsibility. While Canada Life stated that the incident has been contained, they are conducting an investigation with third-party cybersecurity experts to assess the full scope of the breach. The insurer has begun notifying affected individuals and is offering free credit monitoring services. The incident highlights vulnerabilities in the insurance sector, particularly regarding identity and access management practices. Security experts emphasize the need for insurers to adopt zero-trust principles to mitigate such risks. The investigation is ongoing, and Canada Life is committed to protecting its stakeholders during this incident. Key Points: • Canada Life's breach may impact up to 70,000 customers due to unauthorized access via an employee account. • The attack exploited vulnerabilities in a Salesforce environment, with ShinyHunters claiming responsibility. • Canada Life is investigating the breach and offering free credit monitoring to affected individuals.

Key Entities

• Data Breach (attack_type)
• Supply Chain Attack (attack_type)
• Scattered Spider (apt_group)
• Canada Life (company)
• Salesforce (company)
• Canada (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• Financial (industry)
• T1078 - Valid Accounts (mitre_attack)