Insurance consulting and brokerage firm Keenan & Associates is informing more than 1.5 million individuals that their personal information was stolen in an August 2023 cyberattack.
The incident, the company said in a notification on its website, was discovered on August 27, when disruptions occurred on some of its servers, and was contained within hours.
Keenan’s investigation into the cyberattack revealed that “an unauthorized party gained access to certain Keenan internal systems at various times between approximately August 21, 2023 and August 27, 2023.”
During that time, the attackers exfiltrated some data from the company’s systems, including personal information that Keenan had received and utilized to provide services to its clients.
According to the company, the exposed personal information varies by individual but includes names in combination with dates of birth, Social Security numbers, driver’s license numbers, passport numbers, health insurance information, and general health information.
Keenan says it has notified the impacted clients and has started sending out written notifications to the individuals whose data may have been compromised.
“While we are not aware of any evidence that your personal information has been misused, we wanted to make you aware of the incident and provide you with additional information on steps you may consider taking,” the company said in the notification letter sent to the impacted individuals.
The insurance broker informed the Maine Attorney General’s Office that more than 1.5 million individuals had their personal information compromised in the incident.
Keenan did not say whether ransomware was deployed during the attack, but said it has strengthened the security of its network to prevent similar incidents and that it has observed no other signs of unauthorized activity since the attack.
The impacted individuals are being offered two years of complimentary identity protection services, to detect any potential misuse of the compromised personal information, and are encouraged to remain vigilant against incidents of identity theft and fraud.