Petersen International Underwriters Files Notice of Data Breach Following December 2020 Cyberattack

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Recently, Petersen International Underwriters (“PIU”) filed an official notice of a data breach with various state governments following an incident in which an unauthorized party gained access to sensitive consumer data on the company’s network. According to the PIU, the breach resulted in the names, Social Security numbers and financial account information belonging to certain individuals being compromised. On July 14, 2022, PIU filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Petersen International Underwriters data breach, please see our recent piece on the topic here.

What We Know About the Petersen International Underwriters Data Breach

According to an official notice filed by the company, on December 20, 2021, Petersen International Underwriters experienced a data security incident impacting employees’ ability to access the company’s computer network. In response to learning about the potential threat, PIU took the affected systems offline, secured its network, and began working with third-party cybersecurity specialists to investigate the incident. The investigation confirmed that an unauthorized actor gained access to a limited number of documents stored on the PIU system.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Petersen International Underwriters began to review all affected files to determine who was impacted by the incident and what information was compromised. PIU completed its review of the files on April 7, 2022, and while the breached information varies depending on the individual, it may include your name, Social Security number and financial account information, such as bank account number or credit card number.

On July 14, 2022, Petersen International Underwriters sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Petersen International Underwriters

Petersen International Underwriters is an insurance company based in Valencia, California. PIU operates in a unique area of the insurance industry in that it serves customers who were unable to obtain coverage elsewhere. Petersen International Underwriters is licensed in all 50 states, Washington D.C. and Canada. Petersen International Underwriters employs more than 50 people and generates approximately $46 million in annual revenue.

Why Do Companies Wait to Report a Data Breach to Consumers?

Petersen International Underwriters first learned that it was the target of a cyberattack in December 2021. However, it wasn’t until more than seven months later that the company provided notice of the breach to consumers. Given the threat that data breaches pose to victims, and the fact that hackers often try to use any data they obtain as soon as possible, many wonder why it takes companies so long to report a data breach.

The answer to this question is not a simple one. In some cases, there may be good reason for a company holding off on notifying consumers. For example, In some cases, state or federal law enforcement agencies ask a business to wait on reporting a breach while they investigate who may have orchestrated the attack. The rationale behind this is that by reporting the breach, a company may give criminals a heads up that law enforcement knows about the breach and is on the lookout for anyone who uses data obtained as a result of that specific breach. Thus, by keeping a breach secret, the company enables law enforcement to conduct a thorough investigation in hopes of catching those responsible.

However, some of the other reasons for a delayed report are less understandable. In some situations, a company that experiences a cyberattack may not realize that consumer data was leaked. Of course, if a company performs an in-depth investigation into the incident, it should be able to detect whether consumer information was compromised.

Another reason for late-filed notice of a data breach relates to the challenges companies face when trying to identify the scope of the compromised information. For example, a company may recognize it was the victim of a cyberattack, know that consumer data was accessible by an unauthorized party, but not know which consumers were affected and what data types were leaked. However, responsible companies that find themselves in this situation provide a general notice of the data security incident, often on their website, to give consumers a heads up that their information may have been compromised.

In the wake of a data breach, prompt action is critical to preventing identity theft and other frauds. Thus, companies should make every effort to provide prompt notice of a breach so consumers can ensure they have the opportunity to protect themselves.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide