Louisville, Kentucky – October 23, 2019 – Although unaware of any actual or attempted misuse, Insuramax is providing notice of a data privacy event impacting the security of information relating to certain customers and customers’ employees.
What happened? On June 14, 2019 and with the support of a leading computer forensics firm, Insuramax determined certain employee email accounts were subject to unauthorized access between February 12, 2019 and April 23, 2019, and sensitive information contained therein was accessible to unknown individuals.
What information may have been affected by this incident? The accessed email accounts contained information related to certain Insuramax customers and individuals who requested an insurance policy quote from Insuramax, as well as individuals whose worker’s compensation or general liability claims were processed by Insuramax. The type of information affected varies per impacted individual, and includes one or more of the following types of information: name, date of birth, Social Security number, driver’s license number or state identification card number, financial account information, and medical or health-related information. For a very small number of individuals, credit or debit card numbers or passport numbers were also affected.
Although we cannot confirm that any individual’s personal information was actually accessed, or viewed without permission, we are providing this notice out of an abundance of caution. While our investigation is ongoing, we do not currently have any evidence of actual or attempted misuse of any individual’s information as a result of this incident.
How will individuals know if they are affected by this incident? Insuramax is mailing notice letters to the individuals whose protected information was contained within the affected email accounts and may have been accessed or acquired by an unauthorized actor. If an individual did not receive a letter but would like to know if they are affected, they may call the hotline listed below.
What is Insuramax doing? Information privacy and security are among Insuramax’s highest priorities. Insuramax has strict security measures to protect the information in our possession. Upon learning of this incident, we quickly changed all employee email account passwords and took steps to secure the accounts. We are currently implementing additional technical safeguards as well as training and education for employees to prevent similar future incidents. We are also offering the impacted individuals access to complimentary credit monitoring services as an added precaution. Because Insuramax has insufficient contact information for some of the individuals whose information may be contained in the impacted email accounts, we are providing notice to those potentially impacted individuals by way of a notification published to certain state media outlets. Insuramax is mailing notice letters to those individuals for whom it has confirmed mailing address information.
Whom should individuals contact for more information? If individuals have questions or would like additional information, they may call our dedicated assistance line at 1-877-594-0953 (toll free), Monday through Friday, 9:00 a.m. to 6:30 p.m., Eastern Time.
What can individuals do to protect their information?
While Insuramax is unaware of any actual or attempted misuse of any information involved in this incident, it encourages those potentially impacted by the event to take steps to better protect against identity theft and fraud if they feel it is appropriate to do so.
Monitor Your Accounts. To protect against the possibility of identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements, and to monitor your credit reports for suspicious activity.
Credit Reports. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
Security Freeze. You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. In order to request a security freeze, you will need to supply your full name, address, date of birth, Social Security number, current address, all addresses for up to five previous years, email address, a copy of your state identification card or driver’s license, and a copy of a utility bill, bank or insurance statement, or other statement proving residence.
Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:
PO Box 9554
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
PO Box 105788
Atlanta, GA 30348-5788
To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove the security freeze.
As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below:
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
P.O. Box 105069
Atlanta, GA 30348
Additional Information. You can further educate yourself regarding identity theft, and the steps you can take to protect yourself, by contacting your state Attorney General or the Federal Trade Commission. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.ftc.gov/idtheft; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC or your state’s Attorney General. For Maryland residents, the Attorney General can be contacted by mail at 200 St. Paul Place, Baltimore, MD, 21202; toll-free at 1-888-743-0023; by phone at (410) 576-6300; consumer hotline (410) 528-8662; and online at www.marylandattorneygeneral.gov. For North Carolina Residents: The North Carolina Attorney General can be contacted by mail at 9001 Mail Service Center, Raleigh, NC 27699-9001; toll-free at 1-877-566-7226; by phone at 1-919-716-6400, and online at www.ncdoj.gov.