Aviva USA says 'malware' at fault in data breach

CONCORD, N.H.—Aviva USA, the life insurance and annuity arm of Aviva P.L.C., said it has discovered a data breach that leaked the Social Security numbers, names and possibly addresses of 550 of its customers.

Aviva said it notified the New Hampshire attorney general’ s office of the breach on May 29, which it said occurred between Dec. 30 last year and Feb. 24 this year. New Hampshire is one of several states that require companies to report data breaches.

The breach was due to malicious software, more commonly referred to as malware, that was installed on the Des Moines, Iowa-based insurer’s computer system as online research was being conducted.

According to the letter, Aviva has removed the affected hardware from service and issued new passwords to its employees whose login information may have been compromised.

Customers whose identity was potentially compromised by the breach will be offered free identity theft protection service for a year and identity theft insurance coverage up of $25,000, Aviva wrote in its letter.