The Target: Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group
The Take: Personal information including names, social security numbers, dates of birth, and policy numbers.
The Vector: SIM-swapping attacks involve fraudsters tricking customer support staff at a cellphone operator into giving them control of someone else's phone number. This allows the fraudster to receive the victim's phone calls and SMS messages, including two-factor authentication tokens.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.