Cyber Incident Victim: Hartwig Moss Insurance Agency

Hartwig Moss Insurance Agency, a fifth-generation New Orleans business located on Canal Street, publicly disclosed a data breach on March 20, 2019, potentially impacting approximately 1,100 customers. The incident stemmed from a phishing attack that compromised two employee email accounts, though the exact timeline of the compromise and discovery remained unspecified in the company's announcement. Exposed information varied based on insurance policy types but primarily included names, dates of birth, and driver’s license numbers extracted from the agency's insurance accounts. A smaller subset of individuals had limited medical information accessed, specifically related to workers’ compensation commercial insurance policies. The agency did not disclose technical details regarding the phishing mechanism, duration of unauthorized account access, or whether data was exfiltrated versus merely exposed.

In response, Hartwig Moss published a breach notification on its website and issued a news release confirming the incident's scope and nature. The firm offered affected individuals complimentary identity monitoring services through Kroll, a third-party provider specializing in risk mitigation. No specifics were provided regarding internal security improvements, employee retraining, or regulatory reporting obligations stemming from the breach. The agency directed impacted customers to contact them directly for enrollment in monitoring services but did not clarify whether law enforcement was involved or if forensic investigations determined the attacker's identity or motives. Customer data exposure was confined to information stored within the compromised email accounts, with no indication of broader system infiltration or additional compromised records beyond the estimated 1,100 individuals.