Hub International Ltd. said Friday that it was hit by a cyber breach late last year, and sensitive data related to some of its employees and customers was accessed.
The brokerage said it isolated the affected systems when it became aware of the breach on Jan. 17, started a forensic investigation and began its notification process after it completed its initial data review last month.
According to a notice on its website, Hub determined that an unknown individual accessed portions of its website and opened and copied files between December 2022 and January 2023.
“We determined that the data contains information related to current and former employees, individuals for whom Hub places insurance policies, and individuals related to insurance carriers and employers to whom Hub provides services,” the notice said. The breach primarily affected its U.S. operations.
Affected data varies by individual but includes Social Security numbers, driver’s license numbers, passport numbers, financial account information, health insurance information and medical information. Some data also related to a limited number of Canadians, the notice said.
Hub said its investigation is ongoing and it has implemented additional security measures.
In addition, Hub is offering credit monitoring services to those affected and has launched a call center to answer questions and provide support, the brokerage said in a statement.
Several insurance brokers have been subject to cyber breaches in recent years, including Aon last year, Ryan Specialty LLC in August 2021, Marsh in July 2021 and Arthur J. Gallagher & Co., which was hit by a ransomware attack in 2020.