Data of hundreds of commercial insurance policyholders may have been compromised when hackers targeted an unnamed US law firm. In a statement by global specialist insurer Hiscox, headquartered in Bermuda and listed on the London Stock Exchange, the firm stated it had recently learned of an information security incident.

Own systems safe

The incident affected a specialist law firm in the US that provided advice to Hiscox or its policyholders on some of its US commercial liability insurance claims. The incident involved illegal access to information stored on the law firm’s server, which may have included information relating to up to 1500 of Hiscox’s US-based commercial insurance policyholders. US small business online policyholders and all non-US policyholders are unaffected by this incident. The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by the incident.

Taking action

Hiscox state they promptly retained an IT security and forensics firm to assist with the investigation and analysis of affected information. The incident has been reported to law enforcement authorities in the US and UK, and additional security measures in relation to its own systems have been taken. The statement read: 'We take the security of client information seriously, and were very disappointed to learn about this incident. We are contacting those US commercial policyholders who may have been affected to provide further information and assistance.'