Patterson-Schwartz & Associates, Inc. (“PSA”) is a real estate firm headquartered in Delaware. In May 2025, they experienced a data breach when two employee email accounts were compromised in phishing attacks on May 14 and May 29.
Although PSA responded quickly to secure the compromised accounts and initiate incident response, sending notification letters to those affected was delayed until November 6, 2025. As PSA explains:
PSA has been delayed in sending notice to the data subjects due to unanticipated issues with its cybersecurity insurance coverage and due to the efforts needed to track down contact information on the consumers whose personal information was potentially exposed. First, when PSA alerted its cyber insurance company of the data breach, the insurance company informed PSA that its insurance policy had lapsed. This was due to a miscommunication between the insurance company and PSA’s insurance broker. There was a delay in data breach response as PSA negotiated with its insurance company and broker and ultimately obtained insurance coverage and support for the data breach response. Second, PSA conducted an extensive investigation into the potentially exposed data to determine the identity of individuals whose personal information may have been exposed and to track down contact information. This included having our notification vendor, TransUnion, use the National Change of Address Service as well as run searches against its extensive database. Ultimately, of the 1,735 individuals identified, we found mailing addresses for 1,531 individuals and email addresses for an additional 34 individuals. As noted above, of the individuals for which we have mailing addresses, 2 appear to be residents of New Hampshire.
When was the last time you checked to make sure that your cyberinsurance policy was paid up and in force?