Cyber Incident Victim: Petersen International Underwriters
Date:
Dec 2021
Location:
United States of America
Summary
Petersen International Underwriters experienced a data breach where an unauthorized party accessed sensitive consumer information, including names, Social Security numbers, and financial account details. The incident disrupted employee network access, prompting the company to secure affected systems, engage cybersecurity experts for investigation, and later confirm compromised documents. After identifying impacted individuals and the specific data exposed, notification letters were distributed following a multi-month review process attributed to investigative coordination with law enforcement and scope determination challenges.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 20, 2021, Petersen International Underwriters (PIU) experienced a data security incident that disrupted employees’ access to the company’s computer network. The Valencia, California-based insurance provider immediately took affected systems offline, secured its network, and engaged third-party cybersecurity specialists to investigate the unauthorized access. The investigation confirmed an unauthorized actor had accessed a limited number of documents stored on PIU’s systems. Following this discovery, PIU initiated a comprehensive review of compromised files to identify affected individuals and determine the scope of exposed data. The review concluded on April 7, 2022, revealing that compromised information included names, Social Security numbers, and financial account details such as bank account and credit card numbers. The specific data types varied by individual, with the breach impacting an undisclosed number of consumers. PIU filed official breach notifications with various state governments and mailed individualized data breach letters to affected parties on July 14, 2022—seven months after initial detection. The company operates as a specialty insurer for clients unable to obtain coverage elsewhere, holding licenses across all 50 U.S. states, Washington D.C., and Canada, with over 50 employees and approximately $46 million in annual revenue.
The delayed notification timeline between December 2021 and July 2022 stemmed from multiple factors, including the time required to complete the forensic investigation, analyze compromised files, and identify affected individuals. While PIU did not specify all reasons for the seven-month gap, potential explanations cited in the incident report include law enforcement requests to withhold public disclosure during active investigations—a measure intended to prevent alerting perpetrators—and operational challenges in determining the breach’s full scope. The compromised data exposed victims to heightened risks of identity theft and financial fraud, given the sensitivity of Social Security numbers and direct financial account information. PIU’s containment response involved immediate network isolation and system security enhancements, though the technical specifics of the attacker’s entry vector and duration of access remained undisclosed. No evidence suggested data misuse occurred during the notification delay, but the incident underscored vulnerabilities in handling specialized consumer data within niche insurance markets. The breach notification letters provided individualized confirmation of impacted data elements without disclosing aggregate victim counts or detailed forensic findings.