Data of Thousands in MA Compromised in Hub Hack
Over 20,000 Mass. Residents Affected By The Brokerage Firm’s Data Breach
On August 11, 2023, Insurance brokerage firm Hub International Limited notified the Office of Consumer Affairs and Business Regulation of a data breach at the institution involving the personal information of thousands of Massachusetts customers in Massachusetts. According to a notification letter sent to impacted individuals in Vermont in late July, hackers were able to access Hub’s systems and copy files containing sensitive customer data between December 2022 and January 2023.
Among the types of personal information exposed in the data breach were names, addresses, Social Security numbers, driver’s license numbers, financial account numbers, and medical information.. Hub stated in the letter that it was in the process of notifying all individuals whose information was contained in the compromised files.
According to records obtained by Agency Checklists, the Hub data breach exposed the data of 21,267 residents across the Commonwealth. In response to the breach, Hub is offering those affected two years of free credit monitoring services through Equifax to help protect them from potential identity theft and fraud.
Data Breaches in Massachusetts Surge in 2023, Impacting Millions
According to statistics from the Massachusetts Office of Consumer Affairs and Business Regulation, more than 3,559,506 Massachusetts residents have been affected by a data breach, exposing personal data. This number is almost double the amount affected in 2021, when a total of 2,488 data breach incidents were reported affecting approximately 1,861,422 individuals.
While the majority of reported data breaches were limited in scope, affecting relatively few Massachusetts residents, several major incidents have put tens or even hundreds of thousands of individuals at risk. For example, a breach at insurance provider Harvard Pilgrim Healthcare impacted over 2,000,000 people earlier this year, while the Cannabis Control Commission notified the commonwealth of a data breach this year affecting 16,000 Mass. residents. And just last month, Corebridge Financial disclosed a breach impacting over 90,000 Massachusetts customers.
In the current year, the insurance industry has witnessed a trend of data breaches, with Hub International not being the sole entity to report such an incident to the Office of Consumer Affairs and Business Regulation. Alongside Hub, other major firms have also disclosed data breaches, underscoring the sector’s vulnerability to cyber threats. The latest data on data breach notifications in Massachusetts can be viewed here.
Insurance companies and brokerages are increasingly prime targets for cybercriminals given the vast amounts of sensitive customer data they collect and store. Information like Social Security and driver’s license numbers can be used to commit identity theft and fraud. And medical or financial details can be exploited for extortion and blackmail schemes.