Phishing Compromised Employee And Allowed Unauthorized Access to Insurance Agency Customers

2019, Breaches, March

Who: Hartwig Moss Insurance Agency

# of Accounts Breached: 1,100 customers

What was affected: Names, birthdates and driver’s license numbers. A “limited medical information” for a “small number of individuals” may have also been accessed.

When it happened: March 20, 2019

How it happened: Hartwig Moss discovered its account security was compromised after two employee email accounts were red flagged for suspicious activity, the release said. An investigation revealed an unauthorized outside party may have gained access through the emails in a phishing attack.

Outcome: The company has reviewed its policies in light of the breach and is making changes, including retraining employees on “recognizing and appropriately responding to suspicious emails and other threats.” In addition, the company is offering to cover the cost of identity theft protection and credit monitoring through Kroll for affected customers.