.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Hilb Group
Nov 9, 2023 10:19:36 AM
The Target: Hilb Group, a business that handles property, casualty, and employee benefits insurance and advisory services at more than 130 locations across 22 US states.
The Take: People's first and last names and sensitive financial data and credentials. Specifically, Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account).
The Vector: Hilb says it discovered "suspicious activity" related to employee email accounts around January 10. After doing some digging, and bringing on a third-party incident response firm, the insurance brokerage determined someone broke into those inboxes between December 1, 2022 and January 12, 2023.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
