DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Relation Insurance Discloses Data Security Incident

Posted on February 14, 2020 by Dissent

The following is part of Relation Insurance’s disclosure notice, published February 13 on their site:

What Happened?  Relation Insurance Inc. (“Relation”) provides insurance brokerage services working with certain insurance providers, and we are issuing notice of a recent event that may impact the privacy of certain personal information.  To date, Relation has not received any reports that personal information has been misused as a result of this event.

On August 15, 2019, Relation became aware of unusual activity in an employee’s email account. We immediately secured the employee’s email account and launched an investigation, with the assistance of a third-party computer forensics specialists, to determine what may have happened and what information may have been affected. Our investigation determined that an unknown individual had access to the email account between August 14th and August 15th of 2019.  We then undertook a comprehensive review of emails that were present in the account at the time of the incident to identify what personal information was stored within the emails and to whom that information relates.  On October 16, 2019, Relation confirmed personal information was present in the email account and began review its files to determine which business partners were associated with this information.  On December 13, 2019, Relation provided notice of this incident to its insurance provider partners. Although we are unaware of any actual or attempted misuse of any personal information, we are providing this notification out of an abundance of caution.

What Information Was Involved?  The potentially affected information varied by carrier and individual. The information that may have been present in the email account at the time of the incident included the following identifiers: name, address, telephone number, email address, date of birth, Social Security number, passport number, driver’s license or state issued identification number, copy of marriage or birth certificate, account and routing number, financial institution name, credit/debit card number, PIN, expiration date, treatment information, prescription information, provider name, medical record number, patient ID, health insurance information, treatment cost, medical history, mental or physical condition, diagnosis code, procedure type, procedure code, treatment location, admission date, discharge date, medical device number, and date of death.

What Are We Doing?  Information privacy and security are among our highest priorities.  Relation has strict security measures in place to protect information in our care. Upon discovering this incident, we immediately took steps to confirm the security of our systems, including our employee email accounts.  We reviewed existing security policies and implemented additional measures to further protect information, including enhanced email security. We also reported this incident to law enforcement.

You can read the full notification here, but it seems that once again, we are seeing notifications made months after discovery of an incident — in this case, six months until public disclosure. Now some will argue that the breach wasn’t discovered until October 16 when they discovered/learned that the email account had personal information in it, but why did it take two months to discover that? Some of these delays simply do not sound totally reasonable in the absence of any explanation for delays.

No related posts.

Category: Breach IncidentsBusiness SectorCommentaries and AnalysesU.S.

Post navigation

← PA: Rutter’s data breach impacted at least 70 Pennsylvania stores
Russian hacker known as ‘Aqua’ targeted western Pa. school district →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.