Cyber Incident Victim: Sabre Insurance Group

On November 16, 2023, Sabre Insurance Group PLC experienced a cyber attack targeting its computer systems. The London-listed motor insurance underwriter detected unauthorized access attempts by an attacker seeking to infiltrate its network. The company activated its IT security controls immediately, which operated "promptly and effectively" to contain the breach before the intruder could reach sensitive areas of its infrastructure. Sabre engaged its retained IT security partner to assist with managing, assessing, and resolving the incident. By November 22, Sabre publicly confirmed the attack through regulatory filings and press statements, emphasizing that critical systems housing customer data remained uncompromised. The firm asserted no sensitive policyholder information was accessed or exfiltrated during the intrusion.

The LockBit ransomware group subsequently claimed responsibility for the attack on its dark web leak site, alleging a successful data breach and issuing a ransom demand. Sabre dismissed this claim as a potential scam, reiterating its forensic analysis showed no evidence of data theft or encryption of systems. Business operations continued uninterrupted, with customers able to modify policies, report claims, and purchase new coverage securely throughout the incident. Sabre anticipated no material financial impact from the event, citing robust containment measures and the absence of systemic compromise. The company maintained full regulatory compliance by disclosing the incident to relevant authorities while concluding its investigation without further escalation.