Cyber Incident Victim: Relation Insurance
Date:
Aug 2019
Location:
United States of America
Summary
Relation Insurance experienced unauthorized access to an employee's email account over a two-day period, discovered during routine monitoring. The breach exposed sensitive personal and medical information, including names, Social Security numbers, financial account details, medical histories, treatment records, and insurance information. Following detection, the company secured the compromised account, initiated an investigation with third-party forensic specialists, and conducted a comprehensive review of affected data. While no actual misuse of information was confirmed, notifications were sent to insurance provider partners as a precautionary measure. The organization implemented enhanced email security protocols and reported the incident to law enforcement as part of its response efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 15, 2019, Relation Insurance detected unusual activity in an employee’s email account, prompting immediate securing of the account and initiation of an internal investigation assisted by third-party forensic specialists. The investigation determined unauthorized access occurred between August 14 and August 15, 2019, though the identity of the intruder remained unknown. Relation conducted a comprehensive review of the email account’s contents to identify exposed personal information, completing this phase by October 16, 2019. Following this confirmation, the company cross-referenced its files to determine affected business partners associated with the compromised data. Notification to insurance provider partners occurred on December 13, 2019, approximately four months after initial detection. Relation emphasized no evidence of actual or attempted misuse of data had been identified at the time of disclosure. The incident was reported to law enforcement, though specific agency details were not disclosed in public statements.
The compromised email account contained extensive personal and sensitive information including identifiers (names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, passport numbers, driver’s license/state ID numbers), financial data (account/routing numbers, financial institution names, credit/debit card details with PINs and expiration dates), and protected health information (treatment details, prescriptions, provider names, medical record/patient IDs, health insurance data, treatment costs, medical history, diagnosis/procedure codes, treatment locations, admission/discharge dates, medical device numbers, and dates of death). Relation implemented enhanced email security measures following the breach and reaffirmed existing security protocols. The company maintained all impacted parties were business partners rather than direct customers, though specific partner names or total affected individuals were not disclosed in the public notification. No ransomware involvement or data deletion was indicated in available disclosures.