I don’t understand: if they detected and responded to this phishing incident in November, 2015, why are they first issuing this statement now?
June 17, 2016 (Toronto, Ontario) – The Empire Life Insurance Company (Empire Life) announced today that the company is responding to a data breach that may affect a number of its customers.
On November 20, 2015, Empire Life was the victim of an email phishing incident, in which an unauthorized source gained temporary access to 10 internal employee email accounts. Phishing is an increasingly sophisticated illegal tactic used to trick people into providing account information such as usernames and passwords by impersonating a trustworthy individual or organization in electronic communications.
Within minutes of the occurrence, Empire Life’s IT department had identified the affected email accounts and took steps to contain the incident. Empire Life is continuing its internal investigation to determine what information the perpetrator may have accessed.
To date, there is no evidence that personal customer information has been used inappropriately. However, it is possible that personal customer information in the affected email accounts may have been viewed by an unauthorized third party. The personal information that may have been viewed varies from case to case depending on the email account, but could include fund values, dates of birth, addresses, medical information related to applications and claims, and social insurance numbers.
Empire Life has launched a website to provide customers with information related to this incident, including steps they can take to further safeguard their personal information, and suggestions on how to avoid phishing incidents on their email accounts.
The Privacy Commissioner and Canadian Anti-Fraud Centre have both been notified.
“The security of our customers’ personal information is extremely important to us,” said Mark Sylvia, President and CEO of Empire Life. “Empire Life has taken a number of steps to enhance IT security, including implementing new technologies and enhancing internal awareness and education training programs designed to help employees recognize and prevent phishing attempts.”
Any customers who are concerned about the incident are encouraged to visit our website at www.empireupdate.ca (English) or www.miseajourempire.ca (French) or call 1-888-414-8020 (English) or 1-844-319-9656 (French).