On December 5, 2022, Black, Gould & Associates, Inc. (“BGA”) reported a data breach with the Maine Attorney General after the company discovered that consumer information stored on its computer system was compromised after an unauthorized party gained access to the BGA network. According to BGA, leaked information includes the first and last names, Social Security numbers, dates of birth, and addresses of certain people who purchased an insurance policy sold by a broker or agent associated with BGA. Recently, BGA sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you purchased an insurance policy from an agent who does business with Black, Gould & Associates, Inc., your information may now be in the hands of the hackers who orchestrated the cyberattack. While it may seem as though the hackers are solely to blame for this, that isn’t necessarily the case. As we’ve mentioned in previous posts, companies are well aware of cyber threats and have a duty to protect the sensitive consumer information in their possession. If a company was negligent in how it stored your personal information, you may be able to hold the company accountable through a data breach lawsuit.

What We Know About the Black, Gould & Associates Data Breach

The available information regarding the Black, Gould & Associates breach comes from the company’s filing with the Attorney General of Maine as well as a BGA press release describing the incident. According to these sources, recently, BGA detected a potential data security issue within its computer system. In response, the company launched an investigation with the assistance of third-party digital forensics specialists in hopes of learning more about the nature and scope of the incident, as well as whether any sensitive information in BGA’s care was subject to unauthorized access.

The BGA investigation confirmed that an unauthorized party was able to access the company’s computer network between August 31, 2022 and September 10, 2022. It was also determined that some of the files that were accessible to the unauthorized party contained confidential information belonging to certain individuals who purchased an insurance policy from a broker or agent affiliated with CGA.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Black, Gould & Associates began to review the affected files to determine what information was compromised and which consumers were impacted. On September 21, 2022, BGA was able to determine which individuals’ information was included in the affected files. While the breached information varies depending on the individual, it may include your first and last name, Social Security number, date of birth, and address.

On December 5, 2022, Black, Gould & Associates sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The Maine Attorney General’s “Data Breach Notifications” page indicates that 42,568 people’s information was leaked as a result of the Black, Gould & Associates data breach.

Black, Gould & Associates, Inc. is an insurance services company based in Phoenix, Arizona. The company provides insurance agents and brokers with backroom services enabling them to serve their clients more efficiently. The company offers insurance products through Aetna, Aflac, All Savers, Allwell, Ambetter, Amerigroup, Ameritas, Apex, Assurant, Blue Cross Blue Shield, Cigna, Colonial Life, Humana, Lifelock, MetLife, Mutual of Omaha, Sightcare, Transamerica, United Concordia, United Healthcare and more. Black, Gould & Associates employs more than 53 people and generates approximately $21 million in annual revenue.