"251k Impacted by Data Breach at Insurance Firm Bay Bridge Administrators"

A third-party administrator of insurance products, Bay Bridge Administrators (BBA), is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach.  Recently the Austin, Texas-based administrator of employee benefit plans announced that, on September 5, 2022, it fell victim to a cyberattack that caused a network disruption.  A subsequent investigation revealed that, around August 15, 2022, a threat actor gained unauthorized access to the Bay Bridge Administrators network and used that access to exfiltrate certain data on September 3.  The company noted that on December 5, they determined that both personally identifiable information (PII) and protected health information (PHI) were exposed during the attack and started identifying the impacted individuals.  On December 29, the company started notifying the impacted individuals of the incident.  The compromised information includes names, addresses, birth dates, Social Security numbers, ID and driver's license numbers, and medical and health insurance information.  The company noted that the personal and protected health information involved was shared with BBA either by the individual, the individual's employer, and/or the individual's insurance carrier(s) in connection with enrollment in an employment insurance benefit plan for the calendar year 2022.  The company stated that it is unaware of any of the compromised data being misused.  On December 29, the company notified the Maine Attorney General's office that more than 251,000 individuals were impacted by the incident.

SecurityWeek reports: "251k Impacted by Data Breach at Insurance Firm Bay Bridge Administrators"