« Disaster Recovery

Nationwide Insurance data breach affects Midwestern states

Companies of all sizes need to ensure they have an updated disaster recovery plan, as more businesses are reliant on computer systems and could be susceptible to cyberattacks.
Companies of all sizes need to ensure they have an updated disaster recovery plan, as more businesses are reliant on computer systems and could be susceptible to cyberattacks.

As technology continues to evolve, more companies across multiple industries are becoming increasingly reliant on computer systems. Company decision-makers need to keep this in mind when they create a disaster recovery plan, so online data breaches can be accounted for. That way, should a cyberattack occur, business resumption can be quick and the damage can be controlled.

Nationwide Mutual Insurance Company fell victim to an online attack on October 3, according to reports. An estimated 1.1 million individuals, including non-customers who had sought insurance quotations, could be at risk.

"Although we are not aware of any misuse of consumers' information at this time, we have sent letters to notify those individuals whose personal information we believe was compromised, as well as certain additional individuals whose information was or may have been involved, but whom we do not believe had information compromised in the attack," Nationwide said in a statement addressing the October 3 attack. 

The Minneapolis Star Tribune reported that the information potentially released included names and possibly Social Security numbers, driver's license numbers, birthdates, marital status, gender, occupations and the names and addresses of people's employers. Specifically, over 98,000 Minnesotans might have been affected, while the Associated Press said that 92,000 Missouri residents are at risk.

Company spokeswoman Elizabeth Giannetti said in an interview on Monday that most of the individuals who could have been affected should have received letters by now. As the investigation is ongoing, she said she couldn't reveal much but that it involved a "sophisticated perpetrator" and a small portion of the company's computer network.

Regardless of the size of a data breach, a company has a responsibility to ensure that it has an up-to-date business continuity plan so the aftermath will not be far reaching. Working with a firm that specializes in disaster recovery planning can help companies keep themselves current.