Global insurance group Enstar has reported a data security breach impacting the privacy of certain stored information.
Despite no current evidence of fraudulent misuse of this data, Enstar explained that it is actively informing individuals about the breach and offering guidance on protective measures they might consider.
The incident came to light following a May 31, 2023, announcement by Progress Software Corp. about zero-day vulnerabilities in the MOVEit Transfer tool, which Enstar utilizes. The company said that it responded by swiftly applying software updates to mitigate the vulnerabilities and engaged third-party forensic specialists to assess the impact on their MOVEit Transfer server and the data stored therein.
During the investigation, it was determined that between May 29 and May 31, 2023, unauthorized access was gained by a group identified as “CL0P.” This access led to data extraction, Enstar confirmed.
Subsequent reviews by the company aimed to establish the nature of the data extracted and the individuals affected. Due to incomplete mailing address information for some individuals, initial notifications were sent on November 20, 2023, to those whose addresses were known.
A comprehensive review to locate additional addresses was completed by March 22, 2024, and the final set of notifications was mailed on May 3, 2024.
According to Enstar, the compromised data includes names, Social Security numbers, driver’s license numbers, state-issued identification numbers, individual taxpayer identification numbers, financial account information, medical information, health insurance details, and email addresses along with passwords.
The company has since mailed notification letters to the impacted individuals for whom it has addresses. Those who have not received a letter but suspect they may be affected are encouraged to contact the firm.
In response to the incident, Enstar has reported the breach to law enforcement and intensified its data security measures to prevent future occurrences.
The company also advised all potentially impacted individuals to monitor their account statements and credit reports for any unusual activity and to be vigilant against identity theft and fraud.
What are your thoughts on this story? Please feel free to share your comments below.
