Cyber Incident Victim: Essent
Date:
May 2024
Location:
Netherlands
Summary
A ransomware attack targeted AddComm, a third-party provider handling paper communications for Essent, potentially compromising data belonging to a small subset of customers receiving physical mail. The company confirmed all systems and data connections were secured following the incident, with investigations indicating a low likelihood of data misuse. Affected customers were notified directly, and authorities were informed as part of the response. The incident prompted warnings for customers to verify the authenticity of mailed communications by checking identifiers like customer numbers and logos. The company emphasized existing security measures and encouraged vigilance against potential phishing attempts or fraudulent schemes exploiting the situation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 17, 2024, AddComm, a third-party vendor responsible for distributing paper communications on behalf of Essent, experienced a ransomware attack. This incident potentially compromised the personal data of a very small subset of Essent customers who receive physical mail through AddComm’s services. Essent confirmed that unauthorized access to customer information occurred during the breach, though the company emphasized the limited scope of affected individuals. Following the attack, Essent and AddComm initiated an investigation to assess the extent of the compromise and implemented immediate containment measures, including temporarily suspending all data connections between the organizations to prevent further unauthorized access. The compromised systems and data links were fully restored after security protocols were verified.
The joint investigation concluded that the likelihood of misuse of the exposed customer data remained low, though Essent proactively notified all potentially impacted customers via physical letters advising them to scrutinize mail purportedly from Essent for authenticity markers such as correct logos and customer numbers. Essent reported the incident to relevant regulatory authorities in compliance with data protection obligations. The company’s internal security team reinforced existing privacy and cybersecurity measures, though specific technical details about the ransomware variant, initial attack vector, or data exfiltration methods were not disclosed. Essent directed customers to AddComm’s website for additional breach-related information while maintaining standard customer service channels for inquiries. No disruptions to Essent’s core energy services or digital platforms were reported as a direct result of the incident.