U.S. insurance and advisory services provider, Hilb Group, has fallen victim to a significant data breach, compromising the personal information of 81,539 individuals. The breach, which occurred earlier this year, resulted in the unauthorized access to employee email accounts, according to a report from The Register.
The breach incident revealed that threat actors not only gained access to individuals’ first and last names but also managed to exfiltrate sensitive financial information, including account numbers, credit card numbers, debit card numbers, security codes, passwords, and PINs. The intrusion into employee email inboxes took place over the span of approximately six weeks, from December 1, 2022, to January 12, 2023, as reported by the Hilb Group in a notification submitted to the Maine Attorney General’s office.
Hilb Group promptly secured the impacted email accounts once the breach was discovered. The organization has also taken additional security measures to mitigate the risk of similar breaches occurring in the future. By the end of July, the company completed a comprehensive review of the compromised email contents.
To ensure transparency and assist affected individuals, Hilb Group undertook efforts to identify those impacted by the breach before sending out official breach notification letters in the preceding month. Individuals whose data was exposed in this incident have been provided with complimentary identity protection services and credit monitoring to help safeguard their personal information.