Consumer Data Breach Alert: Arthur J. Gallagher & Company

Console and Associates, P.C.

Recently, Arthur J. Gallagher & Co. announced what appears to be an enormous data breach, resulting in an unauthorized person accessing the personal, identifying and financial information of hundreds of thousands of people. In September 2021, Arthur J. Gallagher & Co. issued a series of data breach notification letters to more than two million individuals, informing affected parties that their information may have been accessed by an unauthorized party. However, the company first discovered the data breach in September 2020. This type of data breach subjects affected initials to the risk of identity theft and other financial losses. The Arthur J. Gallagher & Co. data breach is particularly startling, due to the number of people impacted as well as fact that the compromised information included the full names, addresses, Social Security numbers, and financial account information of those impacted by the breach.

If Arthur J. Gallagher & Co. recently sent you a data breach notification letter, it means that some of your personal may have been accessed by an unauthorized third party. While the receipt of this letter does not necessarily mean the unauthorized party will attempt to steal your identity, use your credit cards, or open fictitious accounts in your name; these are all possibilities. Thus, it is crucial that you take the necessary steps to protect yourself, even if you have not yet noticed any signs of identity theft or fraud.

Is Arthur J. Gallagher & Co. Financially Responsible for a Data Breach?

When trusted Arthur J. Gallagher & Co. with your information, you couldn’t have expected that it would result in your personal and financial data ending up in the hands of a total stranger. Yet, that appears to be what happened. Companies like Arthur J. Gallagher & Co. are legally obligated to implement safeguards against hackers and cyberattacks, and while most companies take this responsibility seriously, unfortunately, that isn’t always the case. When a company mishandles your information, and it results in a data breach, you may be able to hold the company financially liable. While it is too early to tell if Arthur J. Gallagher & Co. took the necessary precautions to safeguard your data, our data breach lawyers are currently investigating whether there is a possible class action lawsuit against Arthur J. Gallagher & Co. based on the recent data breach. If you have questions about your ability to bring an Arthur J. Gallagher class action lawsuit, it is important you reach out to a data breach lawyer as soon as possible.

Steps You Can Take to Protect Yourself in the Wake of the Arthur J. Gallagher & Co. Data Breach

While there many types of data breaches, they all share one thing in common: your private information is compromised. While data breaches don’t always result in identity theft, the information obtained through a data breach is often used for criminal purposes. If you received a letter from Arthur J. Gallagher & Co. indicating that you were among those whose information was compromised, it is essential you are proactive to avoid serious problems in the future. Consumer privacy lawyers recommend victims of a data breach take the following steps to protect themselves:

  1. Read the entire Arthur J. Gallagher & Co. data breach letter to determine the extent of the compromised information;
  2. Keep a copy of the data breach notification letter your records;
  3. Sign up for free credit monitoring offered by Arthur J. Gallagher & Co.;
  4. Change passwords to all online accounts;
  5. Frequently check your credit card and bank account statements for any signs of fraud or other unauthorized activity;
  6. Carefully monitor your credit report for any sudden or unexpected changes;
  7. Contact one of the three credit bureaus to request they add a fraud alert to your account; and
  8. Notify all banks and credit card companies of the data breach.

About Arthur J. Gallagher & Co.

Arthur J. Gallagher & Co. is an insurance and risk management company serving businesses of all sizes. The company also offers business consulting services to corporate clients. Arthur J. Gallagher & Co. has a global presence, operating in 150 countries and employing more than 34,000 people. The company was founded by Arthur J. Gallagher in Chicago, Illinois in 1927. Most recently, Arthur J. Gallagher & Co. generated more than $7 billion in annual revenue.

More Info About the Arthur J. Gallagher & Co. Consumer Data Breach

On September 26, 2020, Arthur J. Gallagher & Co. first detected that a hacked had installed ransomware on some of the company’s internal systems. After engaging a cybersecurity firm, the company determined that an unauthorized party accessed or acquired consumer data that was stored on the company’s network between June 3, 2020 and September 26, 2020.

In September 2021, the company issues a series of data breach notifications, all stemming from the ransomware incident. In total, there were at least seven different data breaches, which impacted more than two million current and former customers. While Arthur J. Gallagher & Co. is still investigating the scope of the breach, the compromised information may include:

  • First names,
  • Last names,
  • Full mailing addresses,
  • Social Security numbers,
  • Driver’s license numbers, and
  • Credit card information,
  • Debit card information,
  • Other financial account information.

Below is a copy of the Arthur J. Gallagher & Co. data breach letter (the actual notice sent to consumers can be found here). Note that elements contained within “<<” and “>>” may have been specific to each customer.

Dear [Consumer],

Arthur J. Gallagher & Co. (“Gallagher”) is an insurance broker providing services to its clients and partners, and writes to notify you of an incident that may affect the privacy of some of your information. While we are unaware of any actual or attempted misuse of your information relating to this incident, we want to provide you with details regarding the incident, our response, and resources available to you to help protect your information from possible misuse, should you feel it is appropriate to do so.

What Happened?

On September 26, 2020, Gallagher detected a ransomware event impacting our internal systems. We promptly took all our systems offline as a precautionary measure, initiated response protocols, launched an investigation with the assistance of third-party cybersecurity and forensic specialists, implemented our business continuity plans to minimize disruption to our customers, and ensured the ongoing security of our systems. We worked with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected. Our investigation determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020. While the investigation was able to confirm that certain systems were accessed, it was unable to confirm what information within those systems was actually accessed. Therefore, in an abundance of caution, Gallagher conducted an extensive review of the entire contents of the impacted systems. On May 24, 2021, Gallagher’s investigation confirmed that the impacted data included information relating to certain individuals. Gallagher continued to work through June 23, 2021 to notify our business partners and to obtain address information for impacted individuals to provide accurate notice to impacted parties.

What Information Was Involved?

Although we are unaware of any actual or attempted misuse of your information, we are providing you this notification in an abundance of caution because certain information relating to you was accessed or acquired during this event. The impacted information relating to you includes your <>.

What Are We Doing.

The privacy and security of information are among one of our highest priorities and Gallagher has strict security measures in place to protect information in our care. Upon discovering this incident, we immediately took steps to protect the privacy and security of client, partner, and employee information. We also reviewed existing security policies and implemented additional measures and enhanced security tools to further protect information in our systems. We also implemented additional safeguards and are providing additional training to our employees on data privacy and security. We reported this incident to law enforcement and regulatory authorities, as required by law.

In addition to providing notice of this event to you, we are also providing you access, at no cost, to identity and credit monitoring services for twenty-four months through Kroll. Information and instructions on how to activate these complimentary services can be found in the “Steps You Can Take to Help Protect Your Information” attached to this letter.

What Can You Do.

While Gallagher is unaware of any actual or attempted misuse of any information as a result of this incident, we nonetheless encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity. You may review the information contained in the attached “Steps You Can Take to Help Protect Your Information.” You may also activate to receive the identity and credit monitoring services we are making available to you. There is no charge to you for the cost of this service; however, you will need to activate yourself in this service.

For More Information.

We recognize that you may have questions not addressed in this letter. If you have additional questions, please call our dedicated assistance line at 1-855-731-3320 (toll free), Monday through Friday, 8:00 a.m. to 5:30 p.m., Central Time.

We sincerely regret any inconvenience this incident may cause you. Protecting information entrusted to Gallagher is very important to us, and we remain committed to safeguarding the information in our care.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.