From the your-guess-is-as-good-as-mine dept.
On December 22, Seibels Bruce Group notified the New Hampshire Attorney General of breach. I’m pretty sure they were describing a hack, but from their wording, I suppose it’s possible that someone wandered into their offices and just browsed through their file cabinets. See what you think when you read the description.
What’s really noteworthy is that within the space of a few paragraphs, they went from saying that individuals’ data may have been improperly accessed to saying that they had confirmed that the individuals’ data was accessed.
From the letter to those affected:
We are sending you this letter as a cautionary measure because we believe that certain information about you may have been improperly accessed.
What Happened:
The Seibels Bruce Group, Inc. and its subsidiaries (“Seibels Bruce”) provide various identity verification and related services to insurance companies who use our services during the process of granting and servicing insurance policies. In mid-December, we became aware that certain personal records that we use for these business purposes were accessed improperly by an unauthorized third party. We promptly detected the issue, and took a number of measures to secure our systems. We are sending you this letter because we confirmed that, during this brief period of time, your records (which may have contained your name, address, telephone number, Social Security number, and/or date of birth) were accessed by an unauthorized third party.
And that’s all they wrote by way of explanation. They did tell those affected that they could call them on a toll-free information helpline, and it was a nice touch to have the President of Seibels Bruce Group sign the letter, but if I was on the receiving end of this notification letter, I would not be happy with the contradictions in the notification. What do you think?