San Antonio-based insurance and financial services company USAA has disclosed a data breach involving unauthorized individuals gaining access to the personal information of a limited number of its members. The breach impacted less than 0.15 percent of USAA’s membership, equating to approximately 19,000 members out of the total 13 million.
The incident, which occurred between December 20 and May 18, originated with a contractor, as a few employees from a third-party service supplier shared their access credentials improperly, leading to the exposure of personal information. USAA is in the process of notifying affected members and has not identified any fraudulent activity resulting from the breach.
In a report posted on the state attorney general’s website, it is revealed that 2,726 USAA members in Texas were affected by the breach. The compromised member information may include sensitive details such as names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, last four digits of Social Security numbers, and bank account numbers, along with personal identification numbers used for authentication during calls to USAA. Despite the breach, USAA asserts that no fraudulent activities related to the incident have been identified, and the company is closely monitoring the affected members’ accounts for any suspicious activity.
The breach underscores the challenges posed by third-party service providers, as the incident was traced back to contractors sharing access credentials. USAA has taken proactive measures by offering affected members two years of free credit monitoring provided by Experian, demonstrating a commitment to assisting those impacted by the security incident.
