CII warns of data breach impacting 20% of customers

Around 20% of the Chartered Insurance Institute’s (CII) customers records have been accessed in a data breach by a malicious third party, the CII has warned.

Customers are advised to “remain vigilant for suspicious activity”.

The data impacted for the affected individuals was their name (or names of firms), address and/or email address, telephone number(s) and date of birth. No financial information was accessed.

The CII has contacted all those who were impacted by this incident. The CII said that if customers haven’t heard from it, they were not affected.

Alan Vallance, the CII’s chief executive, said:

“We recently identified that the CII’s IT systems had been accessed by an unauthorised third party. We immediately took steps to secure our systems and appointed external IT experts to investigate the incident and identify any impact on our members’ and customers’ personal data. We also reported the incident to the ICO.”

He added: “Given that this information was already likely to be in the public domain, the advice we have received is that there is very low risk to members and customers affected. However, we have informed them in the spirit of openness and transparency.”

The CII has undertaken a detailed review of its security systems and testing protocols in light of this incident and made improvements.