A California-based insurance company has been targeted by a phishing scam, which may have led to the leak of customer information.
Pacific Specialty Insurance Company recently issued a release giving details on the data breach incident, and the steps it has taken to control the damage caused.
According to the release, Pacific Specialty first became aware of “suspicious activity” in its employee email accounts on June 14, 2019. The company then launched an investigation, with the assistance of third-party forensic investigators, which determined that certain employee email accounts were accessed by an unauthorized actor between March 20, 2019 and March 30, 2019.
The company said in the release that every potential accessible file within the impacted accounts was reviewed to assess what might have been accessed by the unauthorized user.
On November 07, 2019, the company finally narrowed down the identities of the individuals whose information was included in the affected accounts. Pacific Specialty worked to obtain contact information of the affected individuals through January 14, 2020. The release also said that Pacific Specialty started notifying potentially affected individuals through mail on January 24, 2020.
Pacific Specialty warned that the type of information that was potentially exposed included individuals’ names, their Social Security numbers, driver’s license and/or government-issued ID details, financial information, payment card information, medical information, and health insurance information.
The company is offering 12 months of complimentary credit monitoring to potentially affected individuals.
“Pacific Specialty is committed to, and takes very seriously, its responsibility to protect all data in its possession,” the company said in a statement.
On top of offering credit monitoring services to affected individuals, Pacific Specialty also revealed that it has since changed the log-in credentials for all employee email accounts to prevent further unauthorized access. The company also said that it has enhanced its security measures, such as utilizing multifactor authentication, to better protect employee email accounts.