Data Breached in Lyons Insurance USA Based Company
- On March 12, 2019, Lyons learned of unusual activity in an employee email account and immediately commenced an investigation into the nature of the activity.
- Working with third-party forensic experts, it was determined that two employee email accounts were accessed without authorization.
- The investigation determined that one email account was subject to unauthorized access between February 4 and March 12, 2019, and the second account was accessed for a few hours on March 12, 2019.
While the investigation was unable to confirm whether and what information, if any, was potentially accessed, Lyons also undertook a diligent review of all data within the account to determine what information was present and to whom that data related.
Lyons receives data from employers in furtherance of the insurance brokerage services it offers. Therefore, once the review of the emails was complete, we worked diligently to determine which employers provided the data and to notify the employers of this incident.
Lyons then worked with the relevant employers to determine contact information for those individuals whose data was present in the affected emails.
What Information was Involved to Breach?
While the data present in the affected emails varies by individual, it may include: name, contact information, driver’s license information, bank account or other financial information, date of birth, medical record number, patient identification number, medical and/or clinical information including diagnosis and treatment information, Medicare or Medicaid identification number, and health insurance and claims information. For a small percentage of individuals, the data may also include Social Security number.
Now What Lyons Doing?
- Lyons takes this matter, and the security and privacy of all information that we hold very seriously.
- In addition to conducting a diligent investigation, Lyons has enhanced the security of its systems to mitigate the risk of future incidents.
- Lyons is also providing individuals with notice of this incident and “Privacy Safeguards” guidelines that may be used to help protect personal information from potential misuse.
- Lyons is providing potentially impacted individuals with access to complimentary credit monitoring and identity restoration services.