Ryan Specialty Group Provides Notice of Data Security Incident
Ryan Specialty Group has reported a data security incident affecting certain employee email accounts. The breach, which occurred between April 4 and April 20, 2021, involved unauthorized access to email accounts. Sensitive personal information, such as names, Social Security numbers, and financial data, may have been exposed, although it remains unconfirmed if it was viewed. In response, Ryan Specialty has taken measures to secure the accounts and is offering complimentary credit monitoring and identity protection services for affected individuals for 24 months.
- Ryan Specialty is offering 24 months of complimentary credit monitoring and identity protection services through Experian.
- Sensitive personal information, including Social Security numbers and financial data, was potentially exposed during the breach.
- The breach involved unauthorized access to employee email accounts, raising concerns about data security.
Ryan Specialty Group, LLC (“Ryan Specialty”) is providing notice of a recent data security incident. The following notice provides information about the incident, Ryan Specialty’s response, and resources available to help individuals protect their information from possible misuse, should they feel it necessary to do so.
What Happened? On or about April 17, 2021, Ryan Specialty became aware of unusual activity related to certain employee email accounts. Ryan Specialty immediately commenced an investigation to better understand the nature and scope of this activity. On April 27, 2021, it was determined that certain employee email accounts were accessed without authorization between April 4, 2021 and April 20, 2021. The investigation was not able to determine whether any specific emails in those accounts were accessed or viewed. In an abundance of caution, a programmatic and manual review of the contents of the email accounts was completed to determine whether sensitive information was present in the emails at the time of the incident. This process was completed on June 30, 2021 and it was through this process that Ryan Specialty determined that certain personal information for a limited number of individuals was accessible (although not necessarily actually accessed or viewed by unauthorized individuals) within the accounts at the time of this event.
What Information Was Involved? It cannot be confirmed whether information related to individuals was actually accessed or viewed during this event. However, Ryan Specialty is providing notice to potentially impacted individuals out of an abundance of caution. The information which was accessible within the email accounts included certain individuals’ names, driver’s license numbers, Social Security numbers, financial account information, passport numbers, medical information, health insurance information, government issued identification numbers, tax identification numbers, username/email and password, and dates of birth.
What We Are Doing. Ryan Specialty takes this incident and the security of personal information in its care seriously. Upon learning of this incident, Ryan Specialty moved quickly to investigate, respond, and assess the security of relevant systems. Ryan Specialty’s response included further securing the potentially compromised accounts by resetting relevant account passwords, blocking potentially malicious IP addresses, removing any suspicious emails from Ryan Specialty mailboxes, reviewing for and disabling any suspicious rules within Ryan Specialty mailboxes, and opening investigations with its email solutions and managed services providers to gain further insight into the incident. As part of Ryan Specialty’s ongoing commitment to the security of information, it is also reviewing existing policies and procedures to reduce the likelihood of a similar future event. Ryan Specialty also is offering access to complimentary credit monitoring and identity protection services for twenty-four (24) months through Experian to individuals whose personal information was accessible in the email accounts at the time of this incident.
What You Can Do. Individuals can find out more about how to protect themselves generally against the potential misuse of information by reviewing the guidance on Ryan Specialty’s website entitled Steps You Can Take to Protect Information. Ryan Specialty’s website can be accessed at www.ryansg.com, with the guidance found specifically through this link. The guidance provides additional information regarding fraud alerts and security freezes, as well as contact information for the nationwide consumer reporting agencies. Individuals will also find further information about the services Ryan Specialty is offering to eligible individuals on its website via the hyperlink above.
For More Information. If you have questions about this incident that are not addressed in this notice, please call our call center at (833) 327-5932, Monday – Friday from 6 a.m. to 8 p.m. PT and Saturday and Sunday from 8 a.m. to 5 p.m. PT (excluding major holidays).
About Ryan Specialty Group
Founded by Patrick G. Ryan in 2010, Ryan Specialty Group is a rapidly growing service provider of specialty products and solutions for insurance brokers, agents and carriers. Ryan Specialty Group provides distribution, underwriting, product development, administration and risk management services by acting as a wholesale broker and a managing underwriter. Our mission is to provide industry-leading innovative specialty insurance solutions for insurance brokers, agents and carriers.
View source version on businesswire.com: https://www.businesswire.com/news/home/20210813005432/en/
FAQ
What incident was reported by Ryan Specialty Group in August 2021?
What personal information was potentially exposed in the Ryan Specialty data breach?
How long is Ryan Specialty offering credit monitoring services for individuals affected by the data breach?
When did Ryan Specialty become aware of the data security incident?