Insurance Services Office database breached; insurance data accessed
New Jersey-based Insurance Services Office (ISO), a provider of information and analytics to the property and casualty insurance industry, manages a database of insurance information, which includes data on participating insurers’ policyholders.
This week, they are notifying an undisclosed number of consumers that an investigation conducted by a county prosecutor’s office in New Jersey confirmed that there had been unauthorized access to the database. The database contains personal information such as contact information, date of birth, Social Security number, insurance policy number, and driver’s license number. Notification was delayed at the request of law enforcement so as not to impede the criminal investigation.
ISO is offering affected individuals with access to free credit monitoring services with AllClear ID and AllClear PRO for a year.
It is not clear from the notification template whether law enforcement and/or ISO has any evidence that the information has been misused, or whether there has been any arrest or charges to date. Nor is it clear whether this was an inside job or an external attack.