English insurer Staysure says it notified nearly 93,400 customers in December to inform them of a cyber attack.
The Northampton-based travel, home, auto and life insurer said encrypted payment card details—including three-digit card verification value details—used by 93,389 customers to buy coverage before May 2012 were stolen during an attack in late October. Customer names and addresses could be included in the Staysure data breach.
“We became aware of the problem on November 14 and quickly informed the relevant card-issuing bodies and subsequently the Financial Conduct Authority, the Information Commissioner’s Office and the police,” said Staysure CEO Ryan Howsam in a statement earlier this month.
According to Advisen Loss Insight data, nearly 56 percent of UK cyber cases—a total of 392—are from data breach, loss or theft. Improper disposal or distribution, loss or theft (of paper records) is next with 121 cases. Advisen began collecting UK cyber case data in 2007.
Staysure said it hired forensic data experts and the company has offered free identity-theft service provided by Experian.
Howsam said Staysure “removed the software and systems that the attackers exploited.”
UK companies have no responsibility under any law to report breaches of security but the Information Commissioner’s Office encourages companies to bring large cyber attacks to the office’s attention, said its website.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
