PROVIDENCE — The Beacon Mutual Insurance Company, which provides workers’ compensation insurance in Rhode Island, Massachusetts, and Connecticut, said it has started notifying 162,000 customers whose personal information was exposed during a January cyberattack.
In a post on its website, the Warwick, R.I.-based company said an “unauthorized person” gained access to some of its systems between Jan. 7 and Jan. 14 and acquired copies of files containing customers’ names and “one or more of” Social Security numbers, driver’s license information, financial account numbers, health insurance information, “and/or medical treatment information.”
In an email on Friday, Michelle Pelletier, assistant vice president of marketing and communications at Beacon Mutual, described the incident as a “ransomware attack.”
INC Ransom has taken credit for the hack, the Rhode Island Current reported in February.
“I am not at liberty to discuss the ransom demand,” Pelletier wrote. “We are not in communication with Inc ransom.”
Beacon Mutual said it learned of the unauthorized activity on Jan. 14 and immediately “took action to contain it, began an investigation, and reported the incident to law enforcement.” In a separate post on its website in January, the company said it disconnected “certain systems to contain the threat” and restored them on Jan. 20.
“We regret any inconvenience this matter may cause and appreciate the patience and understanding of our policyholders, partners, and other stakeholders,” the latest post said. “Beacon Mutual has taken, and will continue to take, steps to enhance the security of our computer network to prevent something like this from happening in the future.”
The company said it began mailing letters to people whose personal information was involved in the incident on Monday.
About 11,890 people in Massachusetts and 131,027 individuals in Rhode Island were involved, according to the company.
According to the Rhode Island State Employee Handbook, Beacon Mutual is the state’s third-party administrator for its workers’ compensation program.
“For individuals whose information was involved in the incident, Beacon Mutual recommends that they review their credit reports and financial account statements for any unauthorized activity,” Pelletier wrote.
“Beacon Mutual is offering letter recipients with a Social Security number and/or driver’s license involved a complimentary membership in credit monitoring and identity theft protection services through Experian.”
People who believe their information may have been involved can also call Beacon Mutual at 833-918-8448, “available Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time, excluding U.S. holidays, for additional information,” the company said.
This story has been updated to include comment from Michelle Pelletier.
Christopher Gavin can be reached at christopher.gavin@globe.com.
Click Here For The Original Source.
