CybercrimeData Breaches

81K people's private information stolen from Hilb after their email inboxes were scoured.

Numbers for credit cards, security codes, SSNs, passwords, PINs? Those are scary!

Around the beginning of 2023, thieves may have gotten into the work email accounts of Hilb Group workers and stolen a lot of private information. The company has warned more than 81,000 people about this.

Insurance for property, casualty, and employee benefits is handled by this financial company at more than 130 sites in 22 US states. The Hilb Group did not answer right away when The Register asked how big the breach was and how the thieves got to such private information.

The information we have is a bit unclear but still scary. The business told the Maine Attorney General's office on Thursday that thieves got into people's first and last names, secret financial information, and credentials.

Particularly, we're told: "Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account)." In that notice, there is a sample letter to people who were harmed by the security breach. The letter says that only names and Social Security numbers were stolen. 

Either way, it's not a good look for a group that says it helps people lower and handle risk.

Hilb says that around January 10, it found "suspicious activity" on employee email accounts. The insurance company found that between December 1, 2022, and January 12, 2023, someone broke into those email accounts. They did some research and hired a third-party incident response business to help them. To put it another way, months and months ago. Hillary said that after that, the company tried to figure out what data the hackers could see.

In a letter sent to their customers, The Hilb Group said that they started a thorough review of the contents of the email accounts to find out what kind(s) of information were in them and who that information belonged to. 

It said that this review was finished on July 28 and that it then began looking for people who were affected, which reportedly took a few more months. Hilb says that on October 9, letters were sent to 81,539 people telling them that their personal and banking information might have been stolen.

Hilb said that as soon as they found out about the breach, they "immediately" locked down the hacked email accounts, started a full investigation, and

"implemented additional technical safeguards to enhance the security of information in our possession and to prevent similar incidents from happening in the future."

The insurance company is giving people whose financial information was stolen free credit monitoring and identity security services as usual.

 

References:

  1. Office of the Maine Attorney General - Data Breach Notifications
Comments are closed