Erie Insurance says it is working with leading cybersecurity experts to restore access for customers, agents, and employees following a network outage.
“Unfortunately, incidents like this are becoming increasingly sophisticated and can impact even the most well-protected organizations,” an update from the company says. “Upon detecting unauthorized activity, we took immediate action to contain the issue and have since implemented additional security measures to further strengthen our systems.”
As of Tuesday afternoon, the company said it had control of its systems and had seen no evidence of ransomware or ongoing threat actor activity.
The company encouraged policyholders to follow best practices around personal security and notify their financial institutions of any unusual activity.
“During this outage, Erie Insurance will not contact customers by phone or email to request payments,” the update says. “As always, do not click on any links from unknown sources or share your personal information via phone or email.”
Policyholders who need to initiate a claim can contact their local agent or Erie’s First Notice of Loss team at 800-367-3743, according to the notice.
A June 11 update says that Erie Insurance’s Information Security team identified unusual network activity on June 7. It says immediate action was taken to safeguard the company’s systems and data.
On June 7, the same day that Erie was notified of the activity, the company filed a Form 8-K with the Securities and Exchange Commission, noting that it had identified the activity and determined it to be the result of an information security event.
Erie Insurance’s website first put out an alert on June 8. At the time, the alert only stated that a network outage was affecting all systems and did not mention a cybersecurity event. Notices on June 9 and June 10 reiterated that an outage was occurring, without mentioning the event.
The company first made mention of “unusual network activity” on June 11.
Erie has not published information on who it thinks the threat actors are.
John Hultquist, chief analyst for Google Threat Intelligence Group, sent a warning to the insurance industry Monday via an X post.
“Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry,” Hultquist said. “They have a habit of working their way through a sector. Insurance companies should be on the lookout for social engineering schemes targeting their call centers.”
CybersecurityDive, a cybersecurity media publication, reports that Scattered Spider has a history of targeting specific industries in clusters and was previously linked to MGM Resorts and casino companies.
Collision repairers have posted on social media that they’ve noticed the Erie Insurance outage.
Last year, a ransomware attack on CDK rattled the dealership and collision repair industry. The attack caused the company to shut down its management system at 15,000 dealerships, which also caused disruptions to parts ordering and inventory management for collision businesses. The system remained shut down for nearly two weeks.
Collision industry officials discussed how a cyber attack on one business can ripple throughout multiple industries during the 2024 MSO Symposium in November.
The panel also discussed how every business should have a Business Continuity Plan (BCP) for when technology is no longer working.
“When something happens, everybody’s going to get involved,” said Jerry Davis, Microsoft software and digital platforms security officer, during the event. “The CEO’s involved, the board of directors is going to get involved; obviously, legal, your communications team. There has to be a plan for how you communicate internally and to customers.”
A recent Collision Industry Conference (CIC) panel also simulated a cyber attack on a small collision repair shop.
StoredTech led attendees through how an attack could happen, what would happen following an attack, and what businesses can do to stay protected.
IMAGE
Photo courtesy of JuSun/iStock
Share This:
