On or about April 25, 2022, Elephant Insurance reported a significant cybersecurity incident (the “Data Breach”) to regulatory authorities. The Data Breach occurred when an unauthorized actor accessed Elephant Insurance’s internal systems between March 26, 2022 and April 1, 2022. The attackers exfiltrated sensitive policyholder and applicant data before detection. Elephant Insurance launched an investigation, notified law enforcement, and began mailing notices to affected individuals. Approximately 2.7 million people were impacted by the breach.
Elephant Insurance is a property and casualty insurance company headquartered in Richmond, Virginia. It offers auto, home, motorcycle, and life insurance to customers in Georgia, Illinois, Indiana, Maryland, Ohio, Tennessee, Texas, and Virginia. Founded in 2009, Elephant is a subsidiary of Admiral Group plc, a FTSE 100 company with a presence in eight countries and over 9 million customers worldwide.
Elephant Insurance sent data breach notification letters to those affected and offered 12 months of complimentary credit monitoring and identity theft protection services. If you received a Data Breach notification letter from Elephant Insurance, it confirms that your information was potentially impacted.
What information is involved in the Elephant Insurance Company Data Breach?
Compromised information may include:
Name
Address
Date of Birth
Social Security Number
Driver’s License Number
Financial Account Information
Insurance Policy Details
Your Personally Identifiable Information (PII) includes details that can be used to identify you. It plays a key role in defining your identity. Organizations are legally obligated to safeguard this data, and failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is safeguarded under both federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
If you received a NOTICE OF DATA BREACH letter from Elephant Insurance Company, your personal and financial information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.