Breach Notification

A leading insurance and asset management company was hit by a large-scale data breach, impacting more than four million customer and employee records and resulting in widespread media attention. Through an accelerated response with emergency call center support, a dedicated support website and expedited notice mailing, Kroll’s Breach Notification services ensured the business was able to take quick and decisive action following this globally significant security event.

The Challenge

A well-known insurance and asset management company was hit by a large-scale data breach in which a threat actor gained access to its cloud-based systems, compromising its customer relationship management database and impacting more than four million records relating to its customers and employees.

The company’s global status and the nature of the data breach led to widespread media attention around the security incident. The business needed to move fast to advise and support affected individuals as quickly as possible. A further challenge was that the company did not have full mailing address information for a large number of individuals, preventing it from sending notice and monitoring information to them and creating the need for an alternative approach. To achieve this, it required specialist notification assistance, emergency call centers and a notice website to provide immediate access to credit monitoring for the millions of impacted individuals around the world.

Kroll’s Solution

The insurance company made the decision to work with Kroll based on the successful long-standing working relationship between the two companies. Because Kroll has supported the company with a multitude of notification events over many years, it knew it could trust Kroll to deliver on its needs. The company needed the notification mailing to be completed as quickly as possible, so Kroll expedited its mailing process, setting up a customized mail schedule based on the client’s strict deadline. Following the distribution of the notices, the client wanted to confirm that all data had been included, and all impacted individuals had been updated. Kroll’s Breach Notification specialists liaised with the Kroll eDiscovery team to compare the notification data with the original breached data in order to verify that all affected people were notified.

Kroll also established an open enrollment website which provided immediate access to two years of credit monitoring services for individuals who were affected and awaiting their notification letters. The website also allowed the company to offer monitoring for individuals requiring an alternative way of receiving notice due to insufficient mailing address information. The site was set up and ready to use as soon as the data breach was publicized, giving impacted individuals peace of mind through immediate monitoring coverage.

The company needed emergency call center coverage to respond swiftly and effectively to customer calls it was receiving in response to the news about the breach. Within 24 hours, Kroll established a live call center with agents ready to handle hundreds of calls each day related to the incident. This allowed the company to maintain focus on their core business while Kroll helped manage the influx of calls from concerned customers.