Recently, Grundy got popped by hackers and info got stolen. Just so y'all are aware. I just read about it and went to change my password but...was met with a partially shut down system.

More on this:

PHLY.com Down Outage

Be vigilant. Be aware. Be careful out there.

 

Thanks, I’ll be checking.

 

I’ll have to look, haven’t heard anything from Grundy.

 

I suppose this only matters if you have an online account with them. I never set that up as I have no need to do things with them online.

 

But the data they have on you is on their server. So social security numbers and potentially other sensitive information might be compromised anyway. I don’t know for sure but the possibility still exists.

 

I never gave Grundy my SS number. Why would that even be asked for car insurance? My classic car insurance company doesn’t have any of my sensitive information.

 

I bet they at least have your DL number, if not more.

I went to an insurance company last week for an auto policy quote. I gave them just my DL to verify who I was, and they pulled up on the screen every registered vehicle I own, with VINs and everything and asked which vehicle(s) I was interested in getting a quote for. They also pulled up everyone who has a valid DL that lives at the house. And I've never talked to these guys before. I am amazed at the information they collect on you and how easy it is to access. He did ask me for a social security number to which I'm guessing it was for credit report/score request.

Sometimes insurance companies pull credit reports/scores before issuing policies to help determine rates and verify driving records, etc. I suppose it really depends on the state laws. I honestly don't recall if they did or not when I applied at Grundy. If they have no information like checking account numbers from a check you wrote them or any of that, then you should be golden. I personally use a targeted virtual credit card to pay my insurance bill, but it's only good at Grundy's insurance. So the only thing they can do with that is buy more Grundy insurance in my name.

If you're not the least bit concerned about it, I'm certainly not going to be. It's just a PSA. If it doesn't apply, good for you.

 

They never contacted me, either. I just read an article online about hackers and saw Philidelphia Insurance Co. name in the mix as one of the companies hit. So I went to the website and found the informational link above.

 

As an IT professional, any type of an intrusion into a companies servers CAN serve as an attack vector into their entire company. Once you gain a root level access you can begin to navigate the entire network.

Usually a breach is discovered after the fact so the attackers have had an undetermined amount of time to get access to as many systems as possible.

That being said, it's a pretty poor company security department if attackers can navigate too deep into the network before detection.

About a decade ago, I worked at a large multinational healthcare company that was breached at their large Tax Accounting division. Our completely unrelated and not directly mixed systems were all infected. Everyone's laptop had to have their hard drive reformatted and all software reinstalled. What a cluster****.

Long story even longer, I was on vacation and had one of the only non infected systems so I had to work a ton of support hours that week in addition to helping reinstall all the software. Documents on your hard drive, forget about it, gone forever.