Hacker targets Eric Insurance client database
Motor add-on specialist Eric Insurance has notified almost 15,000 customers of a December breach in which personal information on a database was exposed to cybercriminals.
Its website was hacked between Christmas and New Year by an external party believed to be based in Bulgaria.
For 98% of individuals involved, the data potentially compromised was limited to their first and last names, email addresses, phone numbers and/or dates of birth, Eric CRO and Company Secretary Natasha Quirk told insuranceNEWS.com.au.
The breach was identified by Eric’s information technology team on January 5. Investigations then identified that a subset of customer data provided via its website may have been compromised.
"We acted swiftly to prevent further access through the website,” a letter from Ms Quirk said today. “We are unaware of any actual misuse of personal information to date.
“We are monitoring the dark web and found no evidence of customer personal information having been posted on it. We have also not received any ransom demand.”
The hacker was unable to access core systems but reached information provided by customers through online forms, such as address changes, claims lodgements and policy cancellations.
Ms Quirk says Eric notified all individuals involved as a precaution, to ensure all parties could take remedial action. The correspondence was developed with legal advice and includes recommended corrective and preventive actions.
“Eric completed these notifications in advance of the 30-day time frame required. Eric took only the necessary time to investigate the incident thoroughly and to identify which information had been potentially compromised for each individual customer,” a media statement said. “Eric’s reconstructed website is currently nearing completion by external website developers and all customer data will be fully protected going forward.”
Eric entered run-off late last year after issuing comprehensive motor cover for several years, plus warranties and consumer credit insurance sold through dealers.
A deferred sales model introduced in late 2021 brought a significant shift, with a four-day pause mandated between a sale and the add-on cover, to combat high-pressure sales.