On October 16, Millers Mutual Group started notifying claimants whose information was stored on Systema Software’s server. The leak was first disclosed by DataBreaches.net in September, and Millers says they first learned of it on September 23, apparently weeks after other entities were notified by the vendor or Chris Vickery, who had discovered the leak.
In a letter to those affected, Timothy Kirk, Vice-President of Claims for Millers writes (emphasis added by DataBreaches.net):
In the past, you brought a claim against a company that was insured by Millers. On September 23, 2015, we learned that some of your claim information, which had been stored on servers used by our claims software vendor (“vendor”), was accessed by an unauthorized individual. The vendor maintained this claims information off-site, without Millers’ knowledge or permission. Upon learning of this incident, we immediately began an investigation in cooperation with our vendor, and the incident was reported to law enforcement. Our investigation determined that the claims information stored on the server used by our vendor included your name, address, date of birth, and Social Security number.
The total number affected was not disclosed, but despite confidence in reports that only Vickery accessed the data, the firm offered those affected one year of credit monitoring with Experian ProtectMyID.