"When Penn Mutual learned that the former employee had, during the course of her employment, unlawfully accessed personal information of Penn Mutual customers, it immediately fired the employee," the breach disclosure states.
"Although we have not been able to determine definitively what customer accounts and what personal information were unlawfully accessed by the former employee, it appears that the former employee accessed and may have improperly disclosed the names, addresses, dates of birth, Social Security numbers, and bank account information associated with a number of our customer accounts," the disclosure says.
The notification letter filed with the state of New Hampshire does not say how many customers might have been affected by the data breach. Five of the customers are residents of New Hampshire.
Penn Mutual says it is notifying all of the individuals whose records might have been accessed by the employee, even though some of them might have been accessed via authorized means as part of the employee's everyday duties.
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.