When a leading insurance and asset management company was impacted by a third- party data breach, it needed to act quickly and decisively to notify affected customers. Kroll’s elite breach notification, monitoring and call center services enabled the company to provide tailored information and support to more than 2.5 million people in just four months, as well as delivering in-depth tracking and reporting for complete visibility and assured regulatory compliance.
Breach Notification
February 2, 2026
Simplifying the Complex Demands of a Third-Party Data Breach
Overview
Industry
- Insurance Services
Challenges
- 3 million customers affected
- Complex notification requirements
- Second third-party breach impacted one group simultaneously
Kroll Services
- Breach Notification
Impact
- Over 2.5 million impacted individuals notified
- Complete notification tracking and reporting
- Dedicated call center support
- Alternative monitoring solutions provided where required
The Challenge
An unauthorized third party gained access to the company systems of a global insurance and asset management business, compromising the personal data of around 3 million customers. The company needed to take decisive action to notify and advise all affected individuals. This had to be completed swiftly and securely to minimize the potential negative impact on its customers and reputation.
The business was very specific about the categories of data required as part of the notification process, as it needed to thoroughly research its customer records and break them into multiple data subsets for clearer tracking and reporting. As part of this effort, it planned to utilize unique data subsets to send letters in stages over 12 sets of mailings. Adding to the complexity of the company’s notification needs, shortly after the discovery of this initial incident, the same group of customers were affected by a second third-party data breach.
Kroll’s Solution
Kroll’s proven data breach notification expertise and proprietary technology enabled the organization to act quickly and effectively in response to the data breach. Kroll assisted by working with multiple data subsets simultaneously to meet the required mailing timelines, while also ensuring that the company fulfilled its regulatory obligations relating to data breach notification.
When the same group of customers was impacted by a further data breach, Kroll swiftly stepped in with an alternative credit monitoring solution for enhanced support. This allowed the business to provide two unique monitoring services for these customers at the same time. Given the scale and complexity of the breach, multiple entities were affected. Kroll’s data breach notification experts ensured that once notifications were completed, the affected entities received confirmation that their customers were notified, along with reports and copies of the notifications for their records.
The Impact
Comprehensive Breach Notification
Kroll’s proven breach notification expertise helped minimize the potential damage and disruption of the data breach by ensuring successful notification to more than 2.5 million individuals. By taking on the challenge of this particularly complex program of notifications, Kroll enabled the business to reassure and support its customers quickly and effectively, while safeguarding its brand and reputation.
Tailored Support
At a time when the company needed it most, Kroll delivered high-quality notification services tailored to its specific needs and priorities. This proved to be valuable when the same group of customers was impacted by a further third-party breach. On this occasion, Kroll was able to quickly set up a secondary credit monitoring solution for these individuals, ensuring enhanced defense and insight.
Dedicated Call Center Assistance
Kroll’s highly trained, multilingual customer support team was on hand to provide personalized support to all individuals affected by the data breach. With Kroll’s team having supported countless breaches over thousands of hours, the company’s customers benefited from an exceptional standard of advice and guidance.
Sophisticated Reporting
Kroll’s 20+ year track record of handling some of the largest and most complex breach notification requirements in the world meant it was ideally placed to enable the company to meet the complex and individualized data reporting requirements of its clients. As a result, the company had full visibility of every aspect of the breach notification process while also fully meeting its regulatory obligations.
Stay Ahead with Kroll
Cyber and Data Resilience
Kroll merges elite security and data risk expertise with frontline intelligence from thousands of incident responses and regulatory compliance, financial crime and due diligence engagements to make our clients more cyber- resilient.
Data Breach Notification Services
Kroll’s data breach notification, call centers and monitoring team brings global breach response expertise to efficiently manage regulatory and reputational needs.
Breach Notification
Kroll’s data breach notification solutions – from drafting compliant letters, to full-service mailing help, to alternate notifications for large breaches – take the burden off your organization.
Data Breach Notification Letters
Kroll will work with your team to implement a personalized, plain-language notification letter that provides pertinent information and maintains message control.
Identity Monitoring
Kroll’s unique combination of identity monitoring services can detect more types of identity theft than credit monitoring alone, providing practical help to combat identity theft and fraud.
Identity Theft Restoration
Kroll provides your breach population with direct access to investigative experts for live support and best practice advice, as well as identity restoration should they become victims of identity theft.