Insurance brokerage firm HUB has reported a cyber breach mainly related to its US operations with former and current staff as well as clients potentially affected, and a “limited” impact on Canadian customers.
In a statement shared with Insurance Business, HUB International, the parent company of HUB, provided updated information about the cyber event.
On January 17, 2023, HUB identified suspicious activity on certain systems of its network, the broker said. In response, the firm isolated the affected systems and started a forensic investigation.
The investigation found that an unknown individual accessed certain portions of HUB's network and copied files without the firm's authorization between December 2022 and January 2023, Hub said. As a result, the firm reviewed the accessed data to determine its contents and to whom it relates. On July 27, 2023, the firm completed the review and began the notification process.
HUB found that the cyber incident affected current and former employees, individuals for whom HUB places insurance policies, and individuals related to insurance carriers and employers to whom HUB provides services.
The accessed data included names, social security numbers, driver's license numbers, passport numbers, financial account information, health insurance information, and medical information.
The review and notification process are ongoing, and HUB is providing relevant notices as information becomes available,” HUB, which further confirmed there has been a limited impact for Canadian customers, said in the statement.
Since becoming aware of the breach, HUB said it has secured its systems, investigated the full scope of the cyber event, and notified law enforcement.
With the investigation and response to the cyber event still ongoing, HUB said it is offering monitoring services through Equifax and launching a call center to answer customer questions and provide support in accessing the monitoring services offered.
The broking group said it has brought in additional security measures and continued to evaluate policies, procedures, and technical security measures to further secure the information in its systems.
HUB reminded affected individuals to look out for suspicious activity, including identity theft and fraud. It also advised individuals to review account statements and monitor free credit reports for suspicious activity and detect errors.