UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM
CURRENT REPORT
Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
Date of Report (Date of earliest event reported):
(Exact name of registrant as specified in its charter)
(State or other jurisdiction of incorporation) |
(Commission File Number) |
(I.R.S.
Employer Identification No.) |
|
||
(Address of principal executive offices) | (Zip Code) |
(
(Registrant’s telephone number, including area code)
Not Applicable
(Former name or former address, if changed since last report)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) |
Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) |
Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) |
Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) |
Securities registered pursuant to Section 12(b) of the Act:
Title of each class | Trading Symbol(s) |
Name
of Exchange on which registered |
|
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 under the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 under the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ¨
Item 8.01 | Other Events |
Progress Software Corporation disclosed a zero-day vulnerability, which is a previously unknown flaw, in its MOVEit Transfer software (“MOVEit”) that could enable malicious actors to gain unauthorized access to sensitive files and information. MOVEit is now the subject of a widely reported cybersecurity event impacting numerous organizations and governmental agencies.
Jackson National Life Insurance Company (“Jackson”) determined that Jackson’s information at one of our third-party vendors, Pension Benefit Information, LLC (“PBI”), was impacted by this event. Jackson, and many other insurance carriers, use PBI to satisfy our regulatory obligations to search various databases to determine the death of certain life insurance policyholders or annuity contract holders. This service helps Jackson to identify possible beneficiaries for death benefits. According to PBI, an unknown actor exploited the MOVEit flaw to access PBI’s systems and download certain data. Our current assessment indicates that personally identifiable information relating to approximately 700,000 to 800,000 of Jackson’s customers was obtained by that unknown actor from PBI’s systems. PBI has informed Jackson that it has rectified the MOVEit vulnerability.
Separately, Jackson experienced unauthorized access to two servers as a result of the MOVEit zero-day vulnerability, however, the scope and nature of the data accessed on those servers was significantly less than the PBI impact. Notably, the unauthorized actor did not gain access to any other systems or software, there was no interruption of Jackson’s business operations, and we believe there was no impact to our financial results. Jackson, with assistance of third-party cybersecurity specialists, promptly launched an investigation into the unauthorized access, secured Jackson’s servers, patched the identified MOVEit vulnerability, and conducted a forensic analysis. Our preliminary assessment is that a subset of information relating to certain partner organizations and individuals, including certain customers of Jackson, was obtained from the two affected servers.
Jackson notified law enforcement, as well as our primary insurance regulators, and we will continue to keep them informed. Further, we are working diligently to identify all affected individuals and Jackson will ensure that appropriate notification is provided to these individuals, as well as other regulators, as soon as reasonably possible. In addition, affected individuals will receive more information about their impact and be offered credit monitoring and identity theft services.
While Jackson continues to investigate the incident, we do not believe the incident has a material adverse effect on the business, operations, or financial results of Jackson Financial Inc., our parent holding company.
Forward-Looking Statements
The information in this report contains forward-looking statements about future events and circumstances and their effects upon revenues, expenses and business opportunities. Generally speaking, any statement in this document not based upon historical fact is a forward-looking statement. Forward-looking statements can also be identified by the use of forward-looking or conditional words, such as “could,” “should,” “can,” “continue,” “estimate,” “forecast,” “intend,” “look,” “may,” “will,” “expect,” “believe,” “anticipate,” “plan,” “remain,” “confident” and “commit” or similar expressions. In particular, statements regarding plans, strategies, prospects, targets and expectations regarding the business and industry are forward-looking statements. They reflect expectations, are not guarantees of performance and speak only as of the dates the statements are made. We caution investors that these forward-looking statements are subject to known and unknown risks and uncertainties that may cause actual results to differ materially from those projected, expressed, or implied. Factors that could cause actual results to differ materially from those in the forward-looking statements include those reflected in Part I, Item 1A. Risk Factors and Part II, Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations in our Annual Report on Form 10-K for the year ended December 31, 2022, as filed with the SEC on March 1, 2023, and elsewhere in the Company’s reports filed with the U.S. Securities and Exchange Commission. Except as required by law, Jackson Financial Inc. does not undertake to update such forward-looking statements. You should not rely unduly on forward-looking statements.
Item 9.01. | Financial Statements and Exhibits. |
(d) Exhibits.
Exhibit No. | Description | |
104 | Cover Page Interactive Data File (the cover page XBRL tags are embedded within the Inline XBRL Document) |
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
JACKSON FINANCIAL INC. | ||
Date: June 26, 2023 |
By: | /s/ Carrie L. Chelko |
Name: | Carrie L. Chelko | |
Title: | Executive Vice President and General Counsel |