Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates

Insurance brokerage firm Keenan & Associates says personal information stolen in an August 2023 cyberattack.

Insurance consulting and brokerage firm Keenan & Associates is informing more than 1.5 million individuals that their personal information was stolen in an August 2023 cyberattack.

The incident, the company said in a notification on its website, was discovered on August 27, when disruptions occurred on some of its servers, and was contained within hours.

Keenan’s investigation into the cyberattack revealed that “an unauthorized party gained access to certain Keenan internal systems at various times between approximately August 21, 2023 and August 27, 2023.”

During that time, the attackers exfiltrated some data from the company’s systems, including personal information that Keenan had received and utilized to provide services to its clients.

According to the company, the exposed personal information varies by individual but includes names in combination with dates of birth, Social Security numbers, driver’s license numbers, passport numbers, health insurance information, and general health information.

Keenan says it has notified the impacted clients and has started sending out written notifications to the individuals whose data may have been compromised.

“While we are not aware of any evidence that your personal information has been misused, we wanted to make you aware of the incident and provide you with additional information on steps you may consider taking,” the company said in the notification letter sent to the impacted individuals.

The insurance broker informed the Maine Attorney General’s Office that more than 1.5 million individuals had their personal information compromised in the incident.

Advertisement. Scroll to continue reading.

Keenan did not say whether ransomware was deployed during the attack, but said it has strengthened the security of its network to prevent similar incidents and that it has observed no other signs of unauthorized activity since the attack.

The impacted individuals are being offered two years of complimentary identity protection services, to detect any potential misuse of the compromised personal information, and are encouraged to remain vigilant against incidents of identity theft and fraud.

Related: VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million

Related: HMG Healthcare Says Data Breach Impacts 40 Facilities

Related: Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.