The California Department of Insurance (CDI) said yesterday that it will conduct a review of Nationwide Mutual Insurance’s cybersecurity measures following a database breach that resulted in the theft of information from a million policyholders and non-policyholders.

Nationwide notified the department earlier this month that hackers had stolen confidential information such as names, Social Security numbers and other identifying information. No credit card information was breached, the company said.

Liz Giannetti, a Nationwide spokeswoman, said the breach was “a sophisticated attack by a criminal on a portion of our computer network” that was discovered and secured on Oct. 3. She confirmed the 1 million figure as an accurate estimate of the number of accounts that may have been breached, and said it could affect “current, former and prospective Allied and Nationwide customers” in all 50 states. The company is not aware of any misuse of personal information from the breach, she said.

People whose data may have been compromised will receive a letter from Nationwide offering free credit monitoring and identity theft services, Giannetti said. Nationwide has also established a toll-free number, (800) 760-1125, to address questions about the incident.     

CDI said that at this point it is satisfied that Nationwide is taking appropriate first steps to notify consumers whose information was accessed. The investigation is intended to make sure that the insurer has taken the necessary steps to guard against a future breach, said Dave Jones, California’s insurance commissioner, in a statement.