81K people's sensitive info feared stolen from Hilb after email inboxes ransacked

Credit card numbers, security codes, SSNs, passwords, PINs? Yikes!


Hilb Group has warned more than 81,000 people that around the start of 2023 criminals broke into the work email accounts of its employees and may have stolen a bunch of sensitive personal information.

The financial biz handles property, casualty, and employee benefits insurance and advisory services at more than 130 locations across 22 US states. The Hilb Group did not immediately respond to The Register's inquiries about the extent of the intrusion nor how the thieves were able to get at such personal info.

What details are available are a little vague but worrying. In a notification to the Maine Attorney General's office on Thursday, the biz said miscreants accessed people's first and last names and sensitive financial data and credentials.

Specifically, we're told: "Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account)." That notification includes a sample letter to those affected by the security breach, which states the stolen data was limited to people's names and Social Security numbers.

Either way, not a good look for an outfit that claims to help people mitigate and manage risk.

Hilb says it discovered "suspicious activity" related to employee email accounts around January 10. After doing some digging, and bringing on a third-party incident response firm, the insurance brokerage determined someone broke into those inboxes between December 1, 2022 and January 12, 2023. Months and months ago, in other words. After that, Hilb said it tried to figure out what data the intruders had access to.

"We then began a thorough review of the contents of the email accounts in order to determine the type(s) of information contained within the accounts, and to whom that information related," the security breach notification letter [PDF] stated.

It said it completed this review on July 28, and then started locating affected individuals, which took another few months, apparently. And then on October 9, Hilb says, it began sending out letters to 81,539 folks notifying them that their personal and financial data was potentially stolen.

Hilb said upon discovering the intrusion it "immediately" secured the compromised email accounts, began a thorough investigation, and "implemented additional technical safeguards to enhance the security of information in our possession and to prevent similar incidents from happening in the future." So that's all right then.

The Register will update this story if and when Hilb responds.

To compensate for any stolen financial data, the insurance group is offering affected folks the usual free credit monitoring and identity protection services. ®
