Letters posted to New Hampshire Department of Justice’s website reveal that The Hartford experienced an “information incident” detected on Feb. 28.
According to the March 10 letter addressed to the state’s Office of the Attorney General, “The Hartford detected a virus in its infrastructure that may have allowed a virus to capture the personal information of four New Hampshire residents. The particular virus at issue has the potential to capture information related to transactions conducted online. At this time, we are still unsure as to whether or not any personally identifiable information was capture but have no reason to believe that any information has been or will be misused.”
The letter states the insurer assembled a security event response team “to contain, control and assess the situation.” Those affected by the incident—mostly the insurer’s employees—will receive a free 2-year subscription to Equifax’s Credit Watch Gold with 3-in-1 Monitoring.
The Hartford noted that it will work with its anti-virus vendor to ensure system gaps are closed, and will provide additional privacy and information security training for employees to “warn them of the dangers of downloading files from unknown sources on the Internet.”
In a letter to the employees believed to have been affected by the virus infecting the insurer’s Windows server environment, The Hartford says that immediately following the Feb. 28 detection of the virus, which had infiltrated the systems on Feb. 22, the insurer identified all infected servers, worked with its anti-virus vendor to eradicate the virus, blocked the virus from reaching other servers and analyzed the impact.
Also in its March letter, The Hartford says, “The virus targets personal information such as banking information, login, passwords, social security numbers, credit card information, etc.
Calls and e-mails to The Hartford were not returned as of press time.