WEBSITE SUBSTITUTE NOTICE 

United of Omaha Insurance Company 

Notice of Data Breach

This notice is from United of Omaha Life Insurance Company (“United of Omaha”) about a recent security incident. This incident was limited to United of Omaha’s group insurance business, which provides various group insurance products to employers.

What happened

On April 23, 2024, United of Omaha detected unusual activity in one employee’s email account and observed access by an unauthorized party. The access was the result of a phishing campaign targeting United of Omaha employees. We immediately began an investigation and hired an outside forensic computer expert to determine the size and scope of the incident. The investigation determined that the unauthorized third party had access to the employee email account between April 21, 2024 and April 23, 2024. Following a thorough review of the email account, on June 28, 2024 United of Omaha discovered that the unauthorized party may have accessed sensitive information. The attack did not compromise the security of any other systems or networks and did not affect United of Omaha’s ability to conduct business.

What Information Was Involved

United of Omaha’s investigation confirmed that no information in the compromised account was emailed out of the account by the unauthorized party. However, the unauthorized party may have been able to view emails or attachments related to United of Omaha’s employer group insurance products. We cannot confirm exactly what data was accessed for each individual, but information that may have been accessed includes full name, demographic information (such as address and date of birth), driver’s license number, health insurance policy number, social security number, employment information, and limited health information.

What We Are Doing

Upon learning of the incident, United of Omaha took a number of steps to prevent similar incidents from occurring in the future including changing the employee’s Microsoft account passwords to prevent further access to the email account, hiring independent and industry-leading cybersecurity and data analysis experts to assist in the investigation, reporting the fraudulent domain associated with the attack, and re-training all employees on how to identify and report phishing campaigns.

What Individuals Can Do

United of Omaha is sending letters by U.S. mail to impacted individuals for whom the company has valid mailing addresses. The letters contain important information about steps individuals can take to help prevent identity theft and fraud. Eligible individuals are being provided free credit monitoring services. Instructions on how to enroll are included in the notification letters mailed to eligible individuals’ last known address. 

There are steps you can take to protect yourselves, including:

  • Enroll in complimentary identity monitoring and identity protection services.
  • Regularly monitor your insurance statements as well as bank statements, credit reports, and tax returns to check for unfamiliar activity. Again, we have no evidence information was exfiltrated, downloaded, or emailed out of the account by the unauthorized third-party, but we encourage everyone to be diligent.
  • If you notice suspicious activity, immediately contact your financial institution or credit reporting agency.

You may have additional rights available to you depending on the state you live. Please see the “Consumer Reference Guide” below for additional information.

For More Information

United of Omaha has established a confidential, toll-free hotline that is staffed with professionals familiar with the incident who can assist with questions and steps to protect against identity theft and fraud. For additional information visit www.experianidworks.com/unitedofomaha. We sincerely regret any inconvenience or concern caused by this incident. The privacy and security of your information is of critical importance to us. If you would like more information, you can reach out to dedicated support staff:

Consumer Reference Guide  

As a precautionary measure, consumers may wish to regularly review account statements and periodically obtain credit reports from one or more of the national credit reporting companies. Consumers may obtain a free copy of credit reports online at www.annualcreditreport.com, by calling toll-free 1-877-322-8228, or by mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.  Consumers may also purchase copies of credit reports by contacting one or more of the three national credit reporting agencies using the contact information listed below. 

Consumers may wish to review credit reports carefully and look for accounts or creditor inquiries that are not initiated or recognized by consumer.  If anything is seen that is not understandable, including inaccuracies in home address or Social Security number, consumers should call the credit reporting agency at the telephone number on the report. 

Consumers should remain vigilant for incidents of fraud and credit activity with respect to reviewing account statements and credit reports, and promptly report any suspicious activity or suspected identity theft to the proper authorities, including local law enforcement, the state’s attorney general and/or the Federal Trade Commission (“FTC”).  The FTC or a state’s regulatory authority may be contacted to obtain additional information about avoiding identity theft using the contact information listed below.

The next paragraph is regarding incidents involving personal health information.  Disregard if not applicable to your situation.   

Consumers may wish to regularly review explanation of benefits statements received from insurers.  If medical services appearing were not received or are not receiving your benefit statements, contact the insurer at the number on the statement. Check your credit reports for any medical bills not recognized and report anything suspicious to the credit reporting agency at the phone number on the report. 

Fraud Alerts: There are also two types of fraud alerts that can be placed on credit reports to put creditors on notice that a consumer may be a victim of fraud: an initial alert and an extended alert.  Consumers may ask that an initial fraud alert be placed on their credit report if they suspect they have been, or are about to be, a victim of identity theft.  An initial fraud alert stays on credit reports for at least one year.  An extended alert may be placed on credit reports if consumers have already been a victim of identity theft, with the appropriate documentary proof, and stays on credit reports for seven years.  Consumers may place a fraud alert on their credit reports by contacting the toll-free fraud number of any of the three national credit reporting agencies listed below. 

Credit Freezes: Consumers have the right to place a credit freeze or security freeze (referred to as “credit freeze”) on their consumer reports.  A credit freeze is designed to prevent credit, loans and services from being approved in a consumer’s name without the consumer’s consent.  Using a credit freeze, however, may delay ability to obtain credit.  Consumers may request that a freeze be placed on credit reports by sending a request to a credit reporting agency on-line or by certified mail, overnight mail or regular stamped mail to the three national reporting agencies listed below.  Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report.  

Unlike a fraud alert, a credit freeze must be separately placed on a consumer’s credit file at each credit reporting company. More information can be obtained about fraud alerts and credit freezes by contacting the FTC or one of the national credit reporting agencies listed below.

Reference Numbers: 

Consumers may also purchase a copy of their credit report by contacting one or more of the three national credit reporting agencies listed below: 

    Equifax
    P.O. Box 740241, Atlanta, GA 30374-0241
    1-800-685-1111
    Experian
    P.O. Box 9532, Allen, TX 75013
    1-888-397-3742
    TransUnion
    P.O. Box 1000, Chester, PA 19022
    1-800-888-4213

    Consumers can place a fraud alert on their credit report by contacting any of the three national credit reporting agencies listed below. 

    Equifax
    P.O. Box 740241, Atlanta, GA 30374-0241
    1-800-525-6285
    Experian
    P.O. Box 9532, Allen, TX 75013
    1-888-397-3742
    TransUnion
    P.O. Box 1000, Chester, PA 19022
    1-800-680-7289

    You can place a credit freeze on your credit report by contacting any of the three national credit reporting agencies listed below.  

    Equifax
    P.O. Box 105788, Atlanta, GA 30348-5788
    1-800-685-1111
    Experian
    P.O. Box 9554, Allen, TX 75013
    1-888-397-3742
    TransUnion
    P.O. Box 2000, Chester, PA, 19022-2000
    1-800-909-8872

    Federal Trade Commission: Consumers may also obtain information about preventing and avoiding identity theft from the Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft.  

    Residents of Maryland
    Consumers may obtain information about preventing and avoiding identity theft from the Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, 1-888-743-0023, https://www.marylandattorneygeneral.gov/Pages/CPD/.
    Residents of Massachusetts
    The following information should be included when requesting a credit freeze in Massachusetts (documentation for an individual and their spouse must be submitted when freezing a spouse’s credit report): full name, with middle initial and any suffixes; Social Security number; date of birth (month, day and year); current address and previous addresses for the past five (5) years; and incident report or complaint with a law enforcement agency or the Department of Motor Vehicles.  The request should also include a copy of a government-issued identification card, such as a driver’s license, state or military ID card, and a copy of a utility bill, bank or insurance statement.  Each copy should be legible, display name and current mailing address, and the date of issue (statement dates must be recent). Consumers also have the right to obtain a police report.
    Residents of New Mexico
    Consumer has rights pursuant to the Fair Credit Reporting Act (“FCRA”), such as the right to be told if information in the consumer’s credit file has been used against the consumer, the right to know what is in the consumer’s credit file, the right to ask for consumer’s credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the FCRA, the consumer reporting bureaus must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to the consumer’s file is limited; the consumer must give consent for credit reports to be provided to employers; consumers may limit “prescreened” offers of credit and insurance received based on information in the credit report; and consumer’s may seek damages from violator. Consumer may have additional rights under the FCRA not summarized here. Identity theft victims and active-duty military personnel have specific additional rights pursuant to the FCRA. We encourage consumer to review their rights pursuant to the FCRA by visiting www.consumerfinance.gov/f/201504_cfpb_summary_ your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580.
    Residents of New York
    Consumers may obtain information about preventing and avoiding identity theft from the New York Attorney General’s Office, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; https://ag.ny.gov/ or the New York Department of State Division of Consumer Protection at http://www.dos.ny.gov/consumerprotection.
    Residents of North Carolina
    Consumers may obtain information about preventing and avoiding identity theft from the North Carolina Attorney General’s Office, Consumer Protection Division, 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877-5-NO-SCAM, www.ncdoj.gov.
    Residents of Oregon
    Consumers are advised to report any suspected identity theft to law enforcement, including the FTC and the Oregon Attorney General. For more information on security locks, you can visit the Oregon Department of Consumer and Business Services website at dfr.oregon.gov/financial/protect/Pages/stolen-identity.aspx and click “Place a credit freeze.”
    Residents of Rhode Island
    Consumers have the ability to file or obtain a police report.  Consumers may also obtain information about preventing and avoiding identity theft from the Rhode Island Attorney General’s Office, Consumer Protection Division, 150 South Main Street, Providence, RI 02903, (401) 274-4400.
    Residents of Washington D.C.
    Consumers may obtain information about preventing and avoiding identity theft from the Washington D.C. Attorney General’s Office, 441 4th Street, NW, Washington, DC 20001, 1-202-727-3400, oag.dc.gov.
    Back to top