CRC Insurance Services, LLC Announces Data Breach Following Email Phishing Attack

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

On July 26, 2023, CRC Insurance Services, LLC (“CRC”) filed a notice of data breach with the Attorney General of Montana after discovering that an unauthorized party had accessed several employee email accounts. In its notice, CRC explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information; however, the company’s data breach letter does not provide the leaked data types. Upon completing its investigation, CRC sent out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from CRC Insurance Services, LLC, it is essential you understand what is at risk and what you can do about it. As discussed in previous posts, companies have a legal obligation to protect confidential consumer data in their possession—regardless of how the company comes into possession of the data. For example, legally speaking, it doesn’t matter whether a company was provided sensitive data by another company or the consumer. Either way, data breaches such as this one significantly increase the risk of identity theft and other frauds. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the CRC Insurance Services data breach.

What Caused the CRC Insurance Services Breach?

The CRC Insurance Services data breach was only recently announced, and more information is expected in the near future. However, CRC’s filing with the Attorney General of Montana provides some important information on what led up to the breach. According to this source, on approximately January 18, 2023, CRC learned that several employees had been targeted in an email phishing attack.

In response, CRC secured the targeted email accounts and launched an investigation to determine what, if any, consumer data was leaked as a result.

The CRC investigation confirmed that an unauthorized party was able to access the affected employee email accounts and download some of the emails. CRC subsequently determined that a portion of the accessed and downloaded emails contained confidential consumer information.

After learning that sensitive consumer data was accessible to an unauthorized party, CRC Insurance Services reviewed the compromised files to determine what information was leaked and which consumers were impacted.

On July 26, 2023, CRC Insurance Services sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About CRC Insurance Services, LLC

CRC Insurance Services, LLC is a wholesale specialty insurance distributor located in Norcross, Georgia. CRC Insurance Services is a subsidiary of Truist Insurance Holdings. CRC Insurance Services and CRC Group employ more than 4,300 people and generate approximately $2.3 billion in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide