US automotive and home insurance provider Pacific Specialty Insurance reported on Monday, Feb. 24, that it had been a target of an email phishing campaign.
The insurance firm said employee email credentials were compromised due to the phishing incident led by unauthorized parties.
Pacific Specialty Insurance first became aware of the email campaign on June 14, 2019, where hackers gain access to several employee email account information. An investigation was conducted upon the discovery of the phishing incident, prompted by suspicious behavior.
“With the assistance of third-party forensic investigators, it was determined that certain employee email accounts were subject to unauthorized access between March 20, 2019, to March 30, 2019,” said the insurance firm in a press statement.
The update went on until January 14 this year, when the type of information that had been compromised was determined. Personal information of employees was accessed, including names, social security numbers, government-issued identification, and payment information. Additionally, health insurance information was also exposed to the data breach.
Part of the data security response is changing the login credentials of all employees, especially email accounts to prevent further unauthorized access. Moreover, the company also implemented multi-factor authentication and additional email security to prevent the same issue.
“Pacific Specialty began mailing notice letters to individuals whose information was contained within the impacted accounts and for whom it had a postal address,” said the company.
Affected individuals were also given 12 months of free credit monitoring service to watch out for the suspicious movements in their respective accounts. This is part of the initiative to prevent fraudulent activities.
More Damaging Data Breaches
Hackers are not only targeting insurance companies but also healthcare providers, including of which is the Managed Health Services of Indiana in January 2019. Phishing attacks led to the exposure of personal information of more than 31,000 patients in the facility. Information compromised consists of names, insurance ID numbers, addresses, birth dates, medical records, and social security numbers.
A month after, more than 1 million patients were notified by UW Medicine of a data breach that exposed health information. The gravity of the breach becomes more damaging as more people are involved in the incident.
Under the US Law, affected individuals are entitled to get six free credit reports from three major credit reporting bureaus Equifax, Experian, and TransUnion. This policy is only effective starting 2020 to 2026.