Aon, PLC Announces Data Breach After Learning an Unauthorized Party Had Access to Its Systems for Over a Year

Console and Associates, P.C.

Recently, Aon, PLC confirmed that the company experienced a data breach after learning that an unauthorized party had access to the company’s computer network for more than a year. According to Aon, the breach resulted in the names, Social Security numbers, driver’s license numbers and benefit enrollment information being compromised. On May 27, 2022, Aon filed official notice of the breach and sent out data breach letters to all affected parties. The Aon data breach is believed to have affected as many as 31,799 individuals.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Aon data breach, please see our recent piece on the topic here.

What We Know About the Aon Data Breach

The Aon data breach stems from a data security incident in which an unauthorized user gained access to the company’s servers. Evidently, Aon first learned of the incident on February 25, 2022. Immediately thereafter, Aon launched an investigation into the incident with the assistance of cybersecurity firms. This investigation confirmed that between December 29, 2020 – February 26, 2022, an unauthorized party was able to access the company’s IT system. The company was also able to determine that the unauthorized party “temporarily obtained certain documents containing personal information from Aon systems during this period.”

After learning an unauthorized party was able to access sensitive consumer data, Aon then reviewed all affected files to determine what information was compromised and which people were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number and benefit enrollment information.

On May 27, 2022, Aon sent out “Notice of Data Breach” letters to all 31,779 individuals whose information was compromised as a result of the incident.

More Information About Aon, PLC

Aon, PLC is a global professional services company based in London, England. Aon provides a wide range of risk-mitigation products, including insurance, pension administration, and health insurance plans. Founded in 1982, Aon operates in 120 countries and is traded on the New York Stock Exchange under the ticker symbol “AON.” Aon employs more than 50,000 people and generates more than $12 billion in annual revenue.

Do Companies Have a Legal Duty to Protect Consumer Information?

Yes, companies that store or maintain consumer data have a legal obligation to protect the information in their care.

For decades, even since the advent of the internet, companies had little to worry about in terms of data security issues. However, hackers have begun to develop sophisticated strategies to identify companies with weak data security measures. This enables cybercriminals to focus their efforts where they will yield the biggest returns. For consumers, this means an increased risk of identity theft and other frauds.

Given this reality, no longer can organizations passively store consumer data on their services and hope for the best. Today, businesses must implement robust data security systems to keep hackers and other cybercriminals at bay. Of course, most organizations understand the importance of taking all possible steps to avoid a data breach. However, as hackers develop new and more sophisticated ways of orchestrating cyberattacks, an organization’s duties become more demanding. Thus, organizations must continually update the data security measures they use to ensure they stay up-to-date against the most current threats.

Under state and federal data breach laws, businesses and other organizations that fail to provide adequate protections to consumers’ sensitive information can be held liable through a data breach lawsuit.

Data breach victims who want to learn more about their rights and whether they may be able to bring a data breach class action lawsuit should reach out to a data breach attorney for assistance.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide