A full-service insurance agency in Louisville, KY has revealed that it has suffered a data breach, and that sensitive customer information may have been exposed as a result.
The agency, Insuramax, revealed in a statement that it discovered the breach on June 14, 2019. Together with the help of a computer forensics firm, it determined that certain email accounts were subject to unauthorized access between February 12, 2019 and April 23, 2019. Any sensitive information held by the compromised accounts was accessible to unknown individuals.
Insuramax noted that the accounts contained information related to certain customers, as well as individuals who requested an insurance policy quote, and individuals whose workers’ compensation or general liability claims were processed. The type of information affected varies per affected individual, and could include one or more of the following: name, date of birth, Social Security number, driver’s license number or state identification card number, financial account information, and medical or health-related information.
The agency also warned that for a “very small number” of individuals, their credit or debit card numbers or passport numbers may have been affected.
Insuramax stated that it cannot confirm if any of their customers’ personal information was accessed or viewed without permission. The firm also offered assurances that the investigation continues, and that it does not have any evidence that any affected individual’s information has been misused.
Impacted individuals will be given complimentary credit monitoring services.
The agency is mailing letters to those affected by the incident. Insuramax has also revealed that since it discovered the breach, it has since changed all employee email account passwords and has taken additional steps to secure accounts.