Centerstone Insurance and Financial Services, d/b/a BenefitMall (“the Company”) is notifying consumers of a data security incident that may have exposed some of their personal information. Based on the company’s current review, BenefitMall has no indication that any information has been used inappropriately. However, out of an abundance of caution, the company wanted to provide information on the incident and provide recommendations on steps impacted individuals can take to help protect their information.
What Happened?
On October 11, 2018, the company became aware of an email phishing attack that exposed employee email login credentials. While the dates of the unauthorized access vary, the issue generally occurred between June 2018 and the discovery date.
Who Is BenefitMall?
BenefitMall is a company that helps employers deliver workplace solutions such as administering payroll and employee benefits. Given the nature of this work, BenefitMall would have access to consumers’ personal information by nature of services provided to their employers and/or health plans.
What Information Was Involved?
Emails in the affected mailboxes may have included consumers’ names, addresses, Social Security numbers, dates of birth, bank account numbers, and information relating to payment of insurance premiums.
What the Company is Doing
BenefitMall takes the privacy and security of personal information very seriously. Once BenefitMall learned of this issue, the company immediately initiated an internal review. The company also retained a top computer forensics firm to help conduct a thorough investigation of the incident and remediate BenefitMall’s systems. BenefitMall has also reported the incident to law enforcement and will continue to work closely with them during their review.
To help prevent a similar type of incident from occurring in the future, the company has implemented additional security measures designed to protect employee email accounts and consumer information, including two-factor authentication for access to its email system. The company has also undertaken an employee education initiative to inform employees about phishing scams and how to guard against them, and will continue to deliver additional employee training about email safety and recognizing phishing emails. The company will also continue to cooperate with insurance providers and state regulators as appropriate.
What Impacted Individuals Can Do
While the company has no indication that any information has been used inappropriately, out of an abundance of caution, BenefitMall wanted to provide information on steps that may help to guard against fraud or identity theft.