Erie Insurance says it is continuing to make “strong and steady” progress toward resuming normal business operations after a cyber attack that shut down its system on June 7. 

The company is one of three insurance companies attacked in the past month including Aflac and Philadelphia Insurance Companies. 

“After a thorough review of all systems, conducted by both our team and external partners, we have safely and securely reconnected several business systems and applications,” says an Erie Insurance update posted on Monday. 

At this time, there is no ransomware or ongoing threat actor activity, according to the update. 

“We take these matters very seriously and are working diligently to identify what, if any, data may have been affected,” the update says. “Our investigation is ongoing, and we will continue to provide updates as we have more information.” 

Customers are encouraged to follow best practices for personal security and notify their financial institutions of any unusual activity, according to Erie. It notes that Erie will not contact customers by phone or email to request payments at this time. It also asks consumers not to click on links from unknown sources or share personal information such as a username or password via phone or email. 

Policyholders who need to file a claim should contact their local agent or Erie’s First Notice of Loss team at (800) 367-3743. Customer care can be reached at (800) 458-0811. 

A June 11 update says that Erie’s Information Security team identified unusual network activity on June 7. It says immediate action was taken to safeguard the company’s systems and data. 

On June 7, the same day that Erie was notified of the activity, the company filed a Form 8-K with the Securities and Exchange Commission, noting that it had identified the activity and determined it to be the result of an information security event. 

Erie’s website first put out an alert on June 8. At the time, the alert only stated that a network outage was affecting all systems and did not mention a cybersecurity event. Notices on June 9 and June 10 reiterated that an outage was occurring, without mentioning the event. 

The company first made mention of “unusual network activity” on June 11. 

Erie has not published information on who it thinks the threat actors are. 

Erie is one of three insurance companies to be hacked this month, according to USA Today. Aflac recently disclosed that its network was breached and attackers may have accessed customers’ personal information, the newspaper says. 

Aflac does not provide traditional vehicle insurance but does provide some rider insurance. 

The insurance company says in a June 20 Form 8-K filing that it detected unauthorized access to its network on June 12. It believes the incident was contained within hours. 

“The company’s business remains operational, and its systems were not affected by ransomware. The company continues to serve its policyholders as it responds to this incident and can underwrite policies, review claims, and otherwise service customers as usual,” the filing says. “The company has engaged leading third-party cybersecurity experts to support the company’s response to the incident.”

Reuters reports that an Aflac spokesperson told the publication the characteristics of the incident were consistent with Scattered Spider. 

John Hultquist, chief analyst for Google Threat Intelligence Group, sent a warning to the insurance industry last week via an X post. 

“Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry,” Hultquist said. “They have a habit of working their way through a sector. Insurance companies should be on the lookout for social engineering schemes targeting their call centers.” 

CybersecurityDive, a cybersecurity media publication, reports that Scattered Spider has a history of targeting specific industries in clusters and was previously linked to MGM Resorts and casino companies. 

Philadelphia Insurance Companies also recently announced a cybersecurity incident. As of Monday, the company continued to service claims, new accounts, renewals, and update current policies via phone or email, according to an update. The company first announced an outage affecting its phones, email systems, and customer access to the online application on June 10. 

The company focuses on commercial property and casualty insurance.

IMAGE

Photo courtesy of anyaberkut/iStock

Share This: