enterprisesecuritymag

Probe into Lyons Companies Cyber Attacks Reveals Shocking Details

By Enterprise Security Magazine | Wednesday, September 04, 2019

Lyons Companies, a Delaware- based popular insurance brokers was recently subjected to a data breach incident which affected emails containing critical information.

FREMONT, CA: In the recent cyber attack on insurance brokers Lyons Companies, emails containing personal information on customers, including date of birth, name, contact details, financial information, and driving license information were compromised.

Attackers also extracted information on medical or clinical details, including medical record and patient identification numbers, treatment and diagnosis information, Medicaid identification number, besides health insurance and claims information. A small number of customers had to compromise on their social security numbers as well.

However, there have been no known incidents reported regarding the misuse of any information extracted as part of the attack.

The incident was noticed by Lyons Companies in early March, and an investigation began soon. For the investigation, the enterprise had hired a team of third-party forensic experts.

The probe into the attack revealed critical information that unauthorized third parties could access email accounts of two of the Lyons Companies' employees. Hackers compromised one email account between 4th and 12th of March, 2019. The other email was subjected to an attack for a few hours on 12th March 2019.

Also, following the review of emails, Lyons Companies worked continuously to determine which employer provided this data and also to notify employers involved in this incident. Lyons Companies receives its data through employers in addition to its insurance brokerage services.

In view of the attack, Lyons Companies has reinforced the security of systems for preventing any possibility of such incidents in the future. Also, the customers who had to compromise on their sensitive data are being provided with ‘Privacy Safeguards’. The Privacy Safeguards is a set of guidelines that could be employed to better safeguard personal information. Further, the enterprise has started to offer complimentary credit monitoring along with identity restoration services for all the affected customers.  

Weekly Brief