The insurance company Ergo hestia informed its clients about an unauthorized deletion of a database with one of its agents.

The above incident concerns an agent of Ergo Hestia - the company Unlink Inc., in which an unauthorized interference by the IT administrator was found, as result of which the auxiliary database with customer data was lost. Unlink Inc. is a multiagency serving clients of multiple insurance companies. It can therefore be presumed that the problem with the exposure of sensitive customer data also applies to other companies.

The scope of the lost database included customer data such as first and last name, home address, date of birth, gender, social security number, phone number and email address. Ergo Hestia does not exclude that lost data was not simply deleted, but copied and used by unauthorized persons.

The case was reported to the President of the Office for Personal Data Protection, as well as the prosecutor’s office.
Ergo Hestia, in its statement, emphasizes that as a result of the breach by the agent a security check was conducted, which led to an update in security credentials for IT system users. A security audit is also planned.