CII issues apology after data breach
The Chartered Insurance Institute has apologised after it identified an unauthorised third party had accessed its IT systems.
On 27 October the CII acknowledged it had suffered a cyberattack and hackers were able to access members’ personal data.
In a statement to Insurance Age, the CII confirmed the data accessed was members’ names and firms, addresses, email addresses, telephone numbers, and dates of birth. However, no financial information was accessed the CII stated.
According to the institute, a limited amount of personal data relating to around 20% of its customer records was accessed.
An email was sent by the CII to members informing them of the incident, which was seen and first reported by Citywire New Model Advisor.
The institute has reported the breach to the Information Commissioner’s Office.
The statement added: “We are sorry that this incident happened. We are committed to maintaining the security of the data that we hold. As such, we have taken the incident very seriously and acted swiftly in response to it, undertaking a detailed review of our security systems and testing protocols and making improvements.”
Investigation
The CII explained that when it identified that its IT systems had been accessed by an unauthorised third party it “immediately took steps to secure our systems and appointed external IT experts to investigate the incident and identify any impact on our members’ and customers’ personal data”.
In the statement the CII noted: “Given that this information was already likely to be in the public domain, the advice we have received is that there is very low risk. However, we have already informed all those impacted in the spirit of openness and transparency.”
The data breach follows the institute spending £8m on updating its IT systems in recent years, as confirmed by former CII CEO Sian Fisher to Insurance Age earlier this year.
PFS
A separate statement from the Personal Finance Society detailed: “We of course take any incident of this nature very seriously and are engaged with the CII on how they are strengthening their cyber defences as an urgent priority.
“Although we are advised that only a limited amount of personal data was accessed, we would always advise PFS members to be especially vigilant when it comes to their cyber security.
“The PFS leadership advises all members to continue to be cautious in responding to unsolicited emails and closely monitor for any suspicious or unusual activity.”
An ICO spokesperson said: “Chartered Insurance Institute have made us aware of an incident and we will be making enquiries.”
For all the latest industry news direct to your inbox, sign up for our daily newsletter.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@insuranceage.co.uk.
You are currently unable to print this content. Please contact info@insuranceage.co.uk to find out more.
You are currently unable to copy this content. Please contact info@insuranceage.co.uk to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@insuranceage.co.uk
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@insuranceage.co.uk