Pacific Specialty says employee email accounts were compromised

US insurance company Pacific Speciality hit with phishing attack

A major US insurance company has disclosed a data breach after several employee email accounts were compromised.

Pacific Specialty Insurance Company, an automotive and home insurance provider serving all US states, reported on Monday (February 24) that it had been the target of a phishing email campaign.

The campaign, which Pacific Specialty first became aware of on June 14, 2019, saw unauthorized parties gain access to “several employee email account credentials”, the company said in a press statement.

The insurance provider launched an investigation upon the discovery of the security incident, prompted by suspicious behavior detected on the accounts in question.

“With the assistance of third-party forensic investigators, it was determined that certain employee email accounts were subject to unauthorized access between March 20, 2019, and March 30, 2019,” it said.

Work to determine the type of information that had been compromised lasted until January 14, 2020, Pacific Specialty said.

Unauthorized access

A wide range of personal data appears to have been implicated, including names, Social Security Numbers, government issued identification, financial and other payment card information, and health insurance information.

The Daily Swig has asked Pacific Specialty about how many individuals were potentially impacted by the incident. They replied with no further comment. 

In its press statement, the company said: “Pacific Specialty is committed to, and takes very seriously, its responsibility to protect all data in its possession.

“Pacific Specialty is continuously taking steps to enhance data security protections. As part of its incident response, it changed the log-in credentials for all employee email accounts to prevent further unauthorized access.”

READ MORE Generate data breach impacts 26,000 New Zealand residents

The company said that it had also enabled multi-factor authentication and additional email security to protect against future cyber intrusions.

“On January 24, 2020, Pacific Specialty also began mailing notice letters to individuals whose information was contained within the impacted accounts and for whom it had a postal address,” the company said.

Impacted individuals can claim free credit monitoring and are advised to watch their accounts for any fraudulent activity.

Pacific Specialty is based in California, a state that dictates disclosure of data breaches “in the most expedient time possible and without unreasonable delay”.

Investigations by law enforcement, however, can delay the notification requirement.

YOU MIGHT ALSO LIKE Ireland’s privacy regulator handled 6,000 data breach reports in 2019