The Hilb Group was hit by a phishing attack, and employee mistakes caused its clients’ financial data to be leaked.
The notice to affected clients on November 2nd stated that The Hilb Group Operating Company, LLC (Hilb) discovered “suspicious activity” related to several employee email accounts, which fell for a phishing attack.
Phishing is a type of social engineering attack carried out to steal sensitive user data. Threat actors impersonate an authoritative figure, a brand, or an organization to build trust. It’s often paired with a sense of urgency, forcing the victim to act immediately, often without thinking things through.
Spearphishing attacks are more personally crafted, with the scam message impersonating closest friends, family, or business clients and partners.
According to the notice, the cybersecurity incident at Hilb took place “for a limited period of time” between December 1st, 2022, and January 12th, 2023. The investigation by the company and third-party cybersecurity specialists showed that certain clients’ private data was exposed, such as names and Social Security numbers.
According to The Office of the Maine Attorney General, financial data was also exposed, including financial account numbers or credit/debit card numbers, in combination with security code, access code, password or PIN for the account.
In total, more than 81,539 people were affected by the breach. In response to the incident, the company has offered affected individuals credit monitoring services for 12 months.
Founded in 2009, Hilb is an independent insurance broker offering property, casualty, employee benefits, and retirement services.
More from Cybernews:
Subscribe to our newsletter