14 DAY TRIAL // The personal information of multiple customers was exposed in the form of an attachment sent to a Benefits Administrator as reported by Metropolitan Life Insurance Company (MetLife) in a notice of data breach forwarded to the Office of the Attorney General of California.
However, according to MetLife notification, "The Benefits Administrator, who regularly works with MetLife, deleted the email, including your personal information. The Benefits Administrator routinely handles sensitive information and we do not believe your information is at risk."
The data exposed during the inadvertent leak incident contained customers' social security numbers (SSNs), insurance coverage information, dates of birth, genders, and addresses.
Despite considering that their customers' personally identifiable information (PII) was not put at risk, MetLife decided to still provide "an online three-bureau credit monitoring service (My TransUnion Monitoring) for one year."
Following the October 18 data leak disclosed on November 16, MetLife also advised its customers to monitor their credit reports: "If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report."
MetLife also suffered a similar breach in 2009
This is not the first time when MetLife accidentally exposed customer personal information given that during November 2009 "a MetLife employee posted the personally identifiable information of current and former MetLife customers, including their Social Security numbers, on the Internet," as reported by Hunton Andrews Kurth.
After the 2009 breach was discovered, MetLife also provided affected customers with identity theft insurance and credit monitoring as a mitigation measure against possible identity theft incidents.
On November 16, OSIsoft the maker of the PI System enterprise data management and analysis solution also disclosed a data breach which affected its employees, consultants, interns, and contractors.
During the OSIsoft, the email addresses and passwords of all affected individuals were exposed, together with their domain login account names.