On August 6, 2024, Educators Benefit Consultants, LLC, known as Aviben, officially reported a data breach to the Attorney General of Maine after discovering unauthorized access to its computer network. The breach resulted in the exposure of sensitive personal information belonging to consumers, which included names, Social Security numbers, and dates of birth. Upon completing its investigation, Aviben initiated the process of sending out data breach notification letters to all individuals whose information was affected by this security incident, ensuring transparency and communication regarding the breach’s impact.
The investigation into the data breach began after Aviben learned on February 22, 2024, that it had been targeted in a cyber attack where an unauthorized party attempted to access its network. In response to this alarming situation, the company secured its systems and conducted an investigation to ascertain the nature of the incident and identify any consumer data that may have been compromised. The investigation revealed that an external IT provider’s software contained a zero-day vulnerability, which allowed the unauthorized access to sensitive information.
By July 11, 2024, Aviben confirmed the extent of the breach and the specific data that had been accessed by the unauthorized actor. While the company worked diligently to assess the situation, the specific types of personal information exposed varied by individual but predominantly included names, Social Security numbers, and dates of birth. Following this comprehensive review, Aviben was able to outline the impacted information in the notification letters sent to affected individuals, providing clarity on what sensitive data had been compromised.
Educators Benefit Consultants, LLC, based in Cambridge, Minnesota, operates as an insurance services company that acts as a third-party administrator for employee benefit programs. The firm employs over 25 individuals and generates approximately $7 million in annual revenue. This incident serves as a significant reminder of the importance of robust cybersecurity measures, particularly for organizations handling sensitive personal data in the insurance sector. Aviben’s prompt actions in notifying affected individuals highlight its commitment to accountability and consumer protection in the wake of a data breach.
Reference:
