Cyber Incident Victim: Accident Fund

Accident Fund, a Lansing, Michigan-based insurance company, began experiencing cyber-related disruptions in late June 2024, culminating in a confirmed cybersecurity incident announcement on June 1, 2024. The company’s initial public communication referenced only a generic “system issue” on a minimally functional webpage, which lacked operational details. Subsequent updates confirmed the event as a cybersecurity incident but emphasized no evidence of unauthorized access to or exfiltration of customer information. Accident Fund’s IT security team initiated an investigation with support from forensic experts, though the specific attack vector, intrusion timeline, or attacker identity remained undisclosed. Core business systems were taken offline as a containment measure, forcing the organization to transition operations to phone and email-based workflows.

The incident caused sustained operational disruption, with Accident Fund’s online systems remaining offline indefinitely as of the latest update. The company revised its website to provide limited incident-related FAQs, acknowledging reliance on manual processes for claims and customer service. No ransomware claims, data leak threats, or financial impacts were disclosed. Accident Fund maintained that customer data integrity was preserved but did not specify whether employee data, underwriting systems, or third-party networks were affected. Restoration timelines were undefined, with the investigation ongoing and no public attribution to specific threat actors. Business continuity measures focused on maintaining core insurance functions through alternative channels while forensic work and system repairs proceeded.