Some of Empire Life’s mutual fund and segregated fund clients are among the victims of the data breach that also affected Mackenzie Investments and other clients of Toronto-based InvestorCOM Inc.
“As a result of this incident, information was disclosed regarding certain policies relating to the separate Empire Life funds and the former Empire Life Investment Inc. funds.” – wrote Karen Smith, director of communications services at Empire Life Insurance Co. based in Kingston, Ontario. in an email sent to Advisor.ca on Thursday.
InvestorCOM generates and distributes certain types of policyholder communications for Empire Life. Smith said the software vendor told Empire Life about the breach on March 30, after which Empire Life launched an independent investigation with the help of cybersecurity experts.
“Based on information provided since then by InvestorCOM and our own investigation, we have now been able to determine that certain files stored on InvestorCOM computer systems were affected,” Smith wrote.
Smith said the insurer has begun notifying affected customers by mail about what personal information about them was compromised. Empire Life will pay for three years of credit monitoring through Equifax Inc., she added.
In January, Minnesota-based Fortra LLC discovered that hackers had created unauthorized user accounts with customers of its GoAnywhere managed file transfer service. One of those clients was InvestorCOM, a provider of Empire Life, Mackenzie Investments and other Canadian financial services companies.
InvestorCOM declined to comment beyond its May 1 statement that the Fortra cybersecurity incident had been contained.
Smith said Empire Life reported the breach to law enforcement, financial services industry regulators, federal and provincial privacy commissioners, the Canadian Cyber Security Center and the Canadian Anti-Fraud Center.
Logic was the first to report the incident in Fortra earlier this month.