Lyons Companies has issued a notice warning its clients that it has been the target of a potential data breach.
On March 12, 2019, the Wilmington, DE-based brokerage detected “unusual activity” in an employee email account. Lyons then immediately took steps to respond, and launched an investigation into the unauthorized access, which involved working with third-party forensic experts.
The investigation determined that two Lyons employee email accounts were accessed without authorization – one account was accessed between February 04 and March 12, and the other was accessed for a few hours on March 12. The investigation was unable to confirm whether and what type of information was potentially accessed, but Lyons has undertaken a review of all the data within the two accounts to determine what sort of information was present and to whom the data was related.
Lyons warned that the data potentially exposed by the incident may include names, contact information, driver's license information, bank account or other financial information, dates of birth, medical record numbers, patient identification numbers, medical and/or clinical information including diagnosis and treatment information, Medicare or Medicaid identification numbers, and health insurance and claims information. The brokerage additionally warned that for some individuals, their social security numbers may have been compromised, as well.
“Lyons takes this matter, and the security and privacy of all information that we hold very seriously,” the brokerage said in a statement.
The company explained that on top of its investigation, it has enhanced the security of its systems since the incident. It will also provide individuals who may have been affected notice of the incident, as well as complimentary credit monitoring and identity restoration services.