Aon has disclosed a data breach that potentially exposed sensitive information affecting almost 146,000 of its North American customers.
The British multinational financial services firm that sells a range of risk-mitigation products announced that hackers breached its systems “at various times” from December 29 2020 to February 26 2022
Aon disclosed the breach in a Securities & Exchange Commission filing in February and more details were disclosed three months later in May.
In a letter dated May 27, Aon told affected individuals that the exposed personally identifiable information includes driver’s license numbers, Social Security numbers and in a small number of cases, benefits enrolment information.
The firm has taken measures to confirm that the unauthorized third party no longer has access to the data and Aon has no indication the unauthorized third party further copied, retained or shared any of the data.
All the impacted customers were offered 24-month membership with an identity-protection firm.
Due to the data breach Aon faces at least two lawsuits from plaintiffs and two complaints seeking class-action status were filed in Chicago in recent days.
According to the complaint, in addition to the defendant’s failure to prevent the data breach, after discovering the breach, the defendant waited several months to report it to affected individuals. Due to its delayed response, plaintiffs and class members had no idea their (personally identifiable information) had been compromised, and that they were at significant risk of identity theft and various other forms of personal, social and financial harm.
An Aon spokesperson claimed that they have hired an outside firm to conduct an investigation and swiftly informed the FBI after learning of the breach.
The investigation is complete and they have concluded the process of notifying those clients and individuals whose personal information was temporarily obtained.