Milliman data breach disclosures

Data security incident involving Milliman Financial Risk Management

OCTOBER 6, 2025 — On Thursday, Sept. 25, 2025, an unauthorized external actor gained access to Milliman Financial Risk Management’s (FRM) data. The external actor only had access to our data for a few minutes before being detected. The intrusion occurred on a Milliman FRM server that is not connected to the rest of Milliman. Milliman took immediate steps to isolate and secure the system and minimize disruption, leading to a designed shutdown. Milliman’s backup data and disaster recovery plans worked as intended, allowing us to secure isolated backups of our data. The incident did not interrupt our operations and any data exposed is not actionable. During the outage, Milliman FRM was able to perform all key functions, and all services were restored within three days. The data that was exposed included operational data and did not include any personal identifiable information (PII).

---

PBI/MOVEit data breach

JULY 20, 2023 — Data security is one of Milliman’s top priorities. It is vital that we provide appropriate security to ensure the services we provide to our clients are of the highest standards. Milliman has been closely monitoring the MOVEit data breach, and we have been notified by our vendor, Pension Benefits Information (PBI), of some limited instances of impact to our clients’ data. We have been in direct contact with affected clients in relation to this breach.

For questions, please contact your client relationship contact.