The Hilb Group Operating Company is an insurance brokerage serving all 50 states. They employ over 2,100 employees and offer commercial service options for many industries. Hilb’s wide-reaching influence has made them a prime target for harassment, as indicated by their recent data breach.
According to the data breach reported on the California Attorney General’s website, an employee data breach occurred involving several employee email accounts. An unauthorized actor entered the accounts, and eventually, Hilb noticed suspicious activity--almost a month later. Nothing else speaks to how the attacker accessed the various employee accounts.
Hilb’s timeline starts around December 1st, 2022; the assailant presumably accessed the first email account that day, leading to subsequent email theft. On January 12th, they expelled the unauthorized party and commenced an internal review. Around July 28th, the review finished, and they began sending notices on or about October 9th. Almost a month later, their filings appear on the state Attorney General’s websites.
There are no indications about who the breach targets. Further, because Hilb serves a variety of industries, it’s too early to determine long-term impacts. Unless you have an immediate relationship with Hilb, your data may not be at immediate risk from this breach.
The number of affected files is not public, nor is the area where they are from; subsequently, the files may belong to any account with a direct relationship with Hilb. Anyone with a relationship with Hilb should monitor their accounts closely and consider defensive action.