Keenan warns 1.5 million people of data breach after summer cyberattack



Keenan is a California-based insurance brokerage and consulting firm with an established presence in the education, healthcare, and public agencies sectors. Since 2017, it has been part of AssuredPartners NL, one of the largest brokerage firms in the U.S.

The company submitted a notification to the Office of the Maine Attorney General, warning that 1,509,616 people were impacted by a data breach incident that occurred in the summer of 2023.

"On Sunday, August 27, 2023, we discovered certain disruptions occurring on some Keenan network servers," reads the notification.

"We immediately began an investigation and engaged leading third-party cybersecurity and forensic experts to assist."

"The investigation determined that an unauthorized party gained access to certain Keenan internal systems at various times between approximately August 21, 2023 and August 27, 2023, and that the unauthorized party obtained some data from Keenan systems."

The data that the network intruders obtained from Keenan's systems includes the following details:

• Full name
• Date of birth
• Social Security number (SSN)
• Passport number
• Driver's license number
• Health insurance information
• General health information

The exact types of information exposed in this incident vary per individual, depending on their relationship with the firm. From the above, the breach appears to impact both customers and employees.

The repercussions of having the above data exposed are potentially significant, including elevated risks for identity theft, financial fraud, phishing attacks, and health insurance fraud.

Keenan says it has implemented measures to enhance the security of its network, internal systems, and applications and is evaluating potential additional steps in that direction.

Recipients of the notification are recommended to take advantage of the free two-year identity theft protection service offered through Experian and stay vigilant for suspicious account activities and unsolicited communications.

Source: bleepingcomputer.com