Ryan Specialty reveals April data breach
Reprints
Ryan Specialty Group LLC said Friday that its email system was breached in April, and personal information, including Social Security numbers and medical information, could have been accessed.
The Chicago-based specialty intermediary, which completed an initial public offering last month, said in a statement that it became aware of “unusual activity related to certain employee email accounts” on April 17. Ten days later, the company determined that some accounts had been accessed without authorization between April 4 and April 20.
The company completed a “manual review” of the contents of the email accounts on June 30, the statement said.
“It cannot be confirmed whether information related to individuals was actually accessed or viewed during this event,” Ryan Specialty said.
Information that was accessible included names, driver’s license numbers, Social Security numbers, financial account information, passport numbers, medical information, health insurance numbers, government-issued identity numbers, tax identification numbers, dates of birth, and email usernames and passwords, according to the statement.
Ryan said it has taken steps to secure the accounts, is reviewing its cybersecurity policies, and is providing credit monitoring and identity protection services to people who were affected.
The breach is the latest in a series of attacks against insurance industry companies. In June, Marsh & McLennan Cos. Inc. revealed that it was hit by a data breach in April; in March, CNA Financial Corp. was hit by a ransomware attack, which it reportedly paid $40 million to resolve; and in September 2020, Arthur J. Gallagher & Co. was the target of a ransomware attack.
A report released by Accenture PLC earlier this month said the insurance industry was the most frequent focus of ransomware attacks in the first half of this year.
