Helvetia Caser has communicated a security breach to its clients that would have compromised personal data after unauthorized access to an unidentified external provider. The insurer sent the notice last Saturday via an email with the subject "important notice about personal data", signed by the CEO of Helvetia Spain, Juan M. Estallo Lasheras.
In that message, the company acknowledges that the intrusion could have affected certain personal data of some customers. Among the potentially exposed information are identification data, contact data, and bank account numbers.
Sale of an alleged database on a cybercrime forum
The case has come to light after the threat actor Jenk announced the sale of a database on DarkForums, a forum linked to cybercrime activities. For now, the company has not publicly identified the affected external provider nor has it specified how many customers could be involved.
The communication sent to the insured places the origin of the incident in an unauthorized access suffered by that third party. The company maintains that it is acting in response to what happened and that it has already activated the corresponding response measures.
Potentially compromised data
The information that could have been affected includes different categories of a personal nature. Specifically, the insurer mentions these data typologies
- Identification data
- Contact data
- Bank account numbers
The company does not specify in its communication if the breach has resulted in fraudulent use of that information nor if the massive extraction of records has been confirmed. Nor does it detail, for the moment, the territorial scope of the incident.
Notification to the authorities and notice to the clients
Helvetia Caser maintains that the incident has been duly notified to the competent authorities within the legally established deadlines. Along with the notice, the company has enabled a specific telephone service channel to resolve doubts of potentially affected customers.
Additionally, it has requested to take extreme precautions against possible fraud attempts by email, SMS messages or telephone calls. The recommendation comes after the possible exposure of contact and banking data has been confirmed, especially sensitive information in identity theft campaigns.
"Helvetia Caser regrets any inconvenience this incident may cause you and reiterates its firm commitment to the protection and security of its clients' personal data" - Helvetia Caser
The incident remains open awaiting clarification of the real volume of affected clients and the scope of the compromised information. Meanwhile, the insurer keeps active the enabled support channel and asks its policyholders to carefully review any suspicious communication they receive in the coming days.