Ryan Specialty Group, LLC (“Ryan Specialty”) is providing notice of a recent data security incident. The following notice provides information about the incident, Ryan Specialty’s response, and resources available to help individuals protect their information from possible misuse, should they feel it necessary to do so.
What Happened? On or about April 17, 2021, Ryan Specialty became aware of unusual activity related to certain employee email accounts. Ryan Specialty immediately commenced an investigation to better understand the nature and scope of this activity. On April 27, 2021, it was determined that certain employee email accounts were accessed without authorization between April 4, 2021 and April 20, 2021.
The investigation was not able to determine whether any specific emails in those accounts were accessed or viewed. In an abundance of caution, a programmatic and manual review of the contents of the email accounts was completed to determine whether sensitive information was present in the emails at the time of the incident.
This process was completed on June 30, 2021 and it was through this process that Ryan Specialty determined that certain personal information for a limited number of individuals was accessible (although not necessarily actually accessed or viewed by unauthorized individuals) within the accounts at the time of this event.
What Information Was Involved? It cannot be confirmed whether information related to individuals was actually accessed or viewed during this event. However, Ryan Specialty is providing notice to potentially impacted individuals out of an abundance of caution.
The information which was accessible within the email accounts included certain individuals’ names, driver’s license numbers, Social Security numbers, financial account information, passport numbers, medical information, health insurance information, government issued identification numbers, tax identification numbers, username/email and password, and dates of birth.
What We Are Doing. Ryan Specialty takes this incident and the security of personal information in its care seriously. Upon learning of this incident, Ryan Specialty moved quickly to investigate, respond, and assess the security of relevant systems.
Ryan Specialty’s response included further securing the potentially compromised accounts by resetting relevant account passwords, blocking potentially malicious IP addresses, removing any suspicious emails from Ryan Specialty mailboxes, reviewing for and disabling any suspicious rules within Ryan Specialty mailboxes, and opening investigations with its email solutions and managed services providers to gain further insight into the incident.
As part of Ryan Specialty’s ongoing commitment to the security of information, it is also reviewing existing policies and procedures to reduce the likelihood of a similar future event. Ryan Specialty also is offering access to complimentary credit monitoring and identity protection services for twenty-four (24) months through Experian to individuals whose personal information was accessible in the email accounts at the time of this incident.
For more such updates follow us on Google News ITsecuritywire News.