ORX News digest of the month – September 2018
- 9 October 2018
Every month the ORX News team publishes a featured digest from the ORX News Service. It's a detailed look at one of the losses reported in the media that month, and is handpicked by the team as one of the most interesting stories.
Voya Financial pays USD 1 million for poor IT security after hackers access customer data:
On 26 September Voya Financial agreed to pay $1m to the Securities and Exchange Commission (SEC) after hackers impersonated three Voya Financial independent contractors and gained access to the personal information of 5,600 customers. It was the regulator’s first enforcement of its 2013 Identity Theft Red Flags Rule, which requires firms to have written procedures prevent identity theft.
According to the SEC, the hackers phoned Voya’s technical support line in April 2016 and pretended to be the independent contractors requesting a password reset. Despite informing staff not to provide usernames or password resets over the phone following the first attempt, the hackers successfully impersonated contractors twice more.
The hackers could then access customer information including addresses, dates of birth and last four digits of social security numbers. Voya neither admitted nor denied the SEC’s findings.