November 21, 2023

Enstar US Announces Provides Notice of MOVEit Data Breach to Over 64k Individuals

+ Follow Contact

Send

Embed

On November 20, 2023, Enstar Inc. filed a notice of data breach with the Attorney General of Maine after discovering that a vulnerability in MOVEit, a file-transfer program used by Enstar, contained a critical vulnerability. In this notice, Enstar explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, and driver’s license numbers. Upon completing its investigation, Enstar began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Enstar Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Enstar US / MOVEit data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Enstar US?

The Enstar / MOVEit data breach was only recently announced, and more information is expected in the near future. However, Enstar’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, Enstar is in the business of acquiring and managing insurance companies and portfolios of insurance business from other insurance companies and groups. As a result, Enstar receives information about certain consumers who make insurance claims.

Enstar uses a secure file transfer software called MOVEit, which was developed by Progress Software. On May 31, 2023, Progress Software announced a zero-day vulnerability that impacted MOVEit. Once Enstar learned of the MOVEit vulnerability, it installed all software updates and followed the suggested mitigation steps to reduce the likelihood of unauthorized access. Enstar also initiated an investigation with the help of outside cybersecurity experts.

The Enstar investigation ultimately confirmed that hackers accessed the company’s MOVEit server between May 29, 2023, and May 31, 2023, and exfiltrated data during that time. Enstar also learned that the hackers were able to access files containing confidential consumer information.

After learning that sensitive consumer data was accessible to an unauthorized party, Enstar US reviewed the compromised files to determine what information was leaked and which consumers were impacted. Enstar completed this process on October 21, 2023. While the breached information varies depending on the individual, it may include your name, Social Security number, and driver’s license number.

On November 20, 2023, Enstar US sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Enstar Inc.

Founded in 2001, Enstar Inc. is an insurance and business management company based out of Hamilton City, Bermuda. Enstar is publicly traded on the NASDAQ under the ticker symbol “ESGR.” Enstar US employs more than 792 people and generates approximately $230 million in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.