Cyber Incident Victim: Zurich Insurance Company Ltd
Date: Jan 2023
Location: Japan
Summary
Zurich Insurance experienced a data breach involving personal information of approximately 757,463 current and former Japanese customers of its "Super Automobile Insurance" product, stemming from unauthorized access to an external service provider's systems. Exposed data included partial names, genders, birthdates, email addresses, policy numbers, customer IDs, and vehicle insurance details—excluding financial information or sensitive claims data. The incident was identified after customer records appeared on an overseas hacking forum, with initial claims of 2.6 million affected individuals later corrected by the company. Zurich confirmed the breach originated from its Japanese operations, notified financial regulators, established a dedicated customer support line, and stated no evidence of impact beyond local policyholders.
Description
On or around January 8, 2023, cybercriminals posted a dataset allegedly containing Zurich Insurance Company Ltd’s customer information on an overseas hacker forum, claiming it included 2.6 million records from the insurer’s Japanese operations. Zurich Insurance Japan detected this unauthorized disclosure on January 9, 2023, after receiving information about customer data appearing on external sites. An immediate investigation confirmed that a limited subset of personal information belonging to current and former customers of its "Super Auto Insurance" product had been compromised. The breach originated from a third-party service provider that suffered unauthorized access by external actors, though the precise intrusion method and full data exfiltration pathway remained under investigation. Exposed data fields included surnames (in kanji or katakana), gender, birthdates, email addresses, policy numbers, customer IDs, and vehicle insurance details such as car models and policy tiers. Sensitive information like credit card numbers, bank account details, or claims history was not included in the leaked dataset. Zurich Insurance Japan confirmed 757,463 individuals were affected, contradicting the hackers’ initial claim of 2.6 million compromised records. The company promptly reported the incident to Japan’s Financial Services Agency and established a dedicated customer helpline (0120-083-840) operational from 9 AM to 5 PM daily, including weekends and holidays, to address inquiries and advise customers to remain vigilant against suspicious communications.

Zurich Insurance Group’s Swiss media office publicly acknowledged the breach on January 9, clarifying that only Japanese customer data from a locally administered auto insurance product was impacted, with no evidence of compromise to non-Japanese customer records. The company attributed the leak to a security failure at an external vendor but did not disclose the vendor’s identity or technical specifics of the breach. While the hacker forum post coincided with a separate alleged breach involving 3.1 million records from Aflac Japan, Zurich emphasized its incident was distinct and contained to its own systems. Internal and external forensic investigations focused on determining the full scope of data exposure, preventing secondary misuse, and reinforcing security protocols for vendor-managed data. Affected customers began receiving individual notifications, though the company did not specify a timeline for completion. Zurich Insurance Japan committed to strengthening security measures for personal data handling and collaborating with regulators to ensure compliance with breach disclosure requirements. The incident remained confined to historical and current policyholders of a single insurance product, with no operational disruptions to Zurich’s broader services reported.
