US insurance company Elephant Insurance and its subsidiary Apparent Insurance have announced that a recent cyber incident may have exposed the personal information of its customers.
The company revealed in a release that it had identified unusual activity on its network sometime in April 2022. After it had detected the suspicious activity, the insurer “promptly undertook a comprehensive investigation working with third-party specialists” to secure its systems and to determine the nature of the incident. It was later found that “certain consumer information” may have been viewed on or copied from Elephant’s network between March 26, 2022 and April 01, 2022.
Elephant warned that the information illegally accessed relates to both current and previous customers, and could also involve information the insurer received as part of providing a quote for auto or other insurance coverage. The affected information includes customers’ names, driver’s license numbers, and the dates of their birth. The company’s review identified the individuals whose information was in the affected data by April 25, 2022.
The exact number of customers affected by the data breach was not specified in Elephant Insurance’s statement.
However, the insurer said that it took measures to secure its systems following the incident, and that it has reported it to federal law enforcement. Elephant also said that it is notifying the appropriate state regulatory agencies, and that it is reviewing and enhancing its security measures. Customers whose information may have been compromised have been offered information, resources, and credit monitoring services.
Elephant Insurance itself is a subsidiary of the Admiral Group.