Lyons Insurance customers’ identifiable information at risk due to unauthorized email access
Exploit: Unauthorized database access
United States - Lyons Insurance: Independent insurance broker and employee benefits firm
Risk to Small Business: 1.333 = Extreme Risk: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future reparations will not be able to recover the damage of the data that’s already stolen.
Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Few things can cripple a business like a data breach, and post-breach security initiatives can’t help those whose personal information is already available on underground marketplaces. Consumers and employees are increasingly unwilling to associate with companies that cannot protect their information, making cybersecurity a bottom-line problem for every business. Identifying and addressing vulnerabilities before a breach occurs offers tangible benefits over waiting until after a data disaster to make changes.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
