Insuramax, an American full service insurance agency based in Louisville, Kentucky, has provided notice of a data privacy event impacting the security of information relating to certain customers and customers’ employees.
On June 14, 2019 and with the support of a leading computer forensics firm, Insuramax determined certain employee email accounts were subject to unauthorised access between February 12th 2019 and April 23rd, 2019, and sensitive information contained therein was accessible to unknown individuals.
The accessed email accounts contained information related to certain Insuramax customers and individuals who requested an insurance policy quote from Insuramax, as well as individuals whose worker’s compensation or general liability claims were processed by Insuramax.
The type of data affected varies per impacted individual, officials say, and includes one or more of the following types of information: name, date of birth, social security number, driver’s license number or state identification card number, financial account information, and medical or health-related information. For a very small number of individuals, credit or debit card numbers or passport numbers were also affected.
Although it has not yet been confirmed whether any individual’s personal information was actually accessed, or viewed without permission, the company has issued notice out of caution. While the investigation is ongoing, Insuramax says it does not currently have any evidence of actual or attempted misuse of any individual’s information as a result of the incident.
Insuramax is now in the process of mailing notice letters to the individuals whose protected information was contained within the affected email accounts and may have been accessed or acquired by an unauthorised actor.
Upon learning of the incident, Insuramax changed all employee email account passwords and took steps to secure the accounts. They are currently implementing additional technical safeguards as well as training and education for employees to prevent similar future incidents.
The company is also offering the impacted individuals access to complimentary credit monitoring services as an added precaution. Because Insuramax has insufficient contact information for some of the individuals whose information may be contained in the impacted email accounts, the firm is providing notice to potential victims by way of a notification published to certain state media outlets. Insuramax is mailing notice letters to those individuals for whom it has confirmed mailing address information.
The post #Privacy: US insurance firm gives notice of data privacy incident appeared first on PrivSec Report.