Virginia Says 172K Former Licensed Agent Records May Have Been Breached

Virginia’s State Corporation Commission (SCC) is advising former licensed insurance agents of the potential improper access to their personal data by a former contractor.

The suspected compromise of personal data pertains to archived Bureau of Insurance records of insurance agents whose licenses expired or became inactive anytime from 1979 – 2004. The records included all license types, resident and nonresident, and property/casualty as well as life & health.

The SCC told Insurance Journal that records of approximately 172,000 former licensed agents may have been potentially affected.

The SCC said preliminary findings indicate the former contractor may have copied these agent files. The files accessed contained names and social security or driver’s license information of these former licensees.

The SCC issued a notification on June 10 in accordance with state law so that affected persons can take precautionary steps to protect their identity. The SCC said it is taking additional steps to attempt to contact affected former agents directly via mail. And, as required by law, SCC staff is working closely with state authorities on this matter.

While an investigation continues, it is unclear at this time how or if the personal agent data was used, the SCC said, adding that the commission issued the notification out of an abundance of caution.

The SCC is encouraging affected former licensees to take steps to protect their personal privacy by obtaining a copy of their credit report or checking for any unusual activity on their bank or other financial accounts. Former agents with questions regarding the notification may contact the Bureau of Insurance.

The SCC said it obtained the services of a leading information technology forensics and security organization to assist with its ongoing investigation. The commission said it has and will continue to take affirmative steps to review and revise security standards, processes, procedures and best practices to minimize any future risk of improper access to SCC data.