Hartwig Moss Insurance Agency

Hartwig Moss Insurance Agency, also known simply as Hartwig Moss, operates as an insurance agency headquartered in the United States of America. The firm provides insurance products to individuals and businesses, with its service portfolio indicated by the types of data it handles in the course of underwriting and policy administration. Information accessed during a security incident revealed that the agency maintains records containing customers’ names, birthdates and driver’s licence numbers, which are standard personal identifiers used in insurance applications and policy management. Additionally, the breach noted that limited medical information was accessed for a small subset of individuals related to workers’ compensation policies, suggesting that the agency offers workers’ compensation coverage as part of its offerings. As an insurance agency, Hartwig Moss likely acts as an intermediary between insurers and policyholders, facilitating the placement of coverage, claims processing and related administrative functions. The organization’s public identifiers include the aliases Hartwig Moss and Hartwig Moss Insurance Agency, and its principal place of business is situated within the United States.

On March 20, 2019, Hartwig Moss Insurance Agency experienced a data breach that originated from a phishing attack compromising the email accounts of two employees. The unauthorized access potentially exposed the personal information of approximately 1,100 customers, a figure explicitly cited in the breach disclosure. The compromised data primarily consisted of names, birthdates and driver’s licence numbers drawn from insurance accounts, with a limited amount of medical information accessed for a small number of individuals whose records pertained to workers’ compensation policies. In response to the incident, the organization offered affected customers complimentary identity monitoring services through the third‑party provider Kroll, a step intended to mitigate potential misuse of the exposed data. Notably, the agency did not disclose the timeline of when the compromise began or when it was discovered, leaving the exact duration of the unauthorized access unspecified. The breach underscored the sensitivity of the personal identifiers collected in the course of insurance underwriting and highlighted the importance of safeguarding employee email credentials against phishing threats.