Insurance Firm Says Cyberattack May Have Exposed Personal Information
Philadelphia Indemnity Insurance suffered a cyberattack in June that potentially left customer data exposed, the company said in a notification letter the California AG office reported Tuesday. Texas and New Hampshire also reported the incident.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Upon discovery of unauthorized access, the company "took measures to secure" its network and "launched an investigation with the assistance of a cybersecurity firm," it said. The investigation uncovered "evidence of unauthorized activity" between June 9 and June 10, 2025.
According to the notification letter, files accessed included customer names, dates of birth and drivers' license numbers. The number of potentially impacted individuals wasn't reported. However, the Texas AG's website reported Thursday that 1,289 of its state's residents were affected.
In a notification letter to New Hampshire's AG office, the insurance company said it reported the event to the FBI and that it would start notifying residents of the state on July 22.
Philadelphia Indemnity has a webpage notifying visitors of the incident, which it calls a "network outage." It said no email or transmission of malware was involved, nor were any systems encrypted.
"The Company is already taking steps to further strengthen its defenses and reduce the risk of future threats," the page said. Additionally, the insurance company is offering a free year of identity monitoring services, including credit monitoring, fraud consultation and identity theft restoration.