In a news release published Friday, the
Empire Life Insurance Company announced that it had responded to a data breach that may have affected some of its customers.
According to the company’s statement, it was the victim of an email phishing incident on November 20. The attack enabled an unauthorized source to gain temporary access to the internal email accounts of 10 employees. The company got wind of the cyber-attack within minutes of the breach and its IT department took steps to contain the incident.
The release noted that Empire Life is continuing its internal investigation to determine what type of information the hacker may have accessed.
While current evidence suggests that personal customer information has yet to be used inappropriately, the customer data may have been viewed by an unauthorized third party. Such personal customer information include fund values, dates of birth, addresses, medical information related to applications and claims, and social insurance numbers.
To help customers with inquiries about the data breach, Empire Life launched a website with information regarding the incident. The website also includes a guide for customers on how to secure their accounts and avoid phishing email scams.
The insurer has notified the Privacy Commissioner and Canadian Anti-Fraud Centre of the incident.
“The security of our customers’ personal information is extremely important to us,” said Empire Life president and CEO Mark Sylvia. “Empire Life has taken a number of steps to enhance IT security, including implementing new technologies and enhancing internal awareness and education training programs designed to help employees recognize and prevent phishing attempts.”
Related Stories:
Heartbleed Bug Culprit Stephen Solis-Reyes dodges prison time for cyber attack
Insurer named best in Canada