Empire responds to data breach

Visibility360, PDF version to share

By Andrew Rickard | June 21, 2016, 1:26 p.m.

EMPIRE LIFE | Analytic

Empire Life is responding to a data breach that may have affected a number of its customers.

Late last year, the insurer was the the victim of an email phishing incident in which an unauthorized source gained temporary access to ten internal employee email accounts. In phishing, a third party impersonates a trustworthy individual or organization and tricks people into supplying personal information such as usernames and passwords.

Empire says its information technology department identified the affected email accounts within minutes of the event and took steps to contain the incident. The Office of the Privacy Commissioner and Canadian Anti-Fraud Centre were also notified. In a message posted to its web site on June 17, the insurer revealed that it is continuing its internal investigation to determine what information the perpetrator may have accessed.

No evidence

"To date, there is no evidence that personal customer information has been used inappropriately," says Empire. "However, it is possible that personal customer information in the affected email accounts may have been viewed by an unauthorized third party. The personal information that may have been viewed varies from case to case depending on the email account, but could include fund values, dates of birth, addresses, medical information related to applications and claims, and social insurance numbers."

How to avoid phishing incidents

The company has created a web site (www.empireupdate.ca) to provide customers with more information about this incident, including steps they can take to further safeguard their personal information, and suggestions on how to avoid phishing incidents in their own email accounts.

“The security of our customers’ personal information is extremely important to us,” comments Empire’s president and CEO Mark Sylvia. “Empire Life has taken a number of steps to enhance IT security, including implementing new technologies and enhancing internal awareness and education training programs designed to help employees recognize and prevent phishing attempts.”