Erie Insurance is collaborating with leading cybersecurity experts to restore access for customers, agents, and employees following a network outage caused by unauthorized activity on its systems. The company detected the unusual network activity on June 7 and immediately took action to safeguard its systems and data. Erie Insurance filed a Form 8-K with the Securities and Exchange Commission on the same day, noting that it had identified the activity and determined it to be the result of an information security event.
As of Tuesday afternoon, Erie Insurance stated that it had regained control of its systems and found no evidence of ransomware or ongoing threat actor activity. The company has implemented additional security measures to further strengthen its systems. Erie Insurance is encouraging policyholders to follow best practices around personal security and notify their financial institutions of any unusual activity.
During the outage, Erie Insurance assured that it will not contact customers by phone or email to request payments. The company warned customers not to click on any links from unknown sources or share personal information via phone or email. Policyholders who need to initiate a claim can contact their local agent or Erie’s First Notice of Loss team at 800-367-3743.
This incident comes after a warning from John Hultquist, chief analyst for Google Threat Intelligence Group, who alerted the insurance industry to potential threats from actors known as Scattered Spider. These actors have a history of targeting specific industries in clusters and have been previously linked to attacks on MGM Resorts and casino companies.
The impact of the outage has been noticed in the collision repair industry, with some repairers posting on social media about the disruptions. This incident echoes last year’s ransomware attack on CDK, which caused significant disruptions to the dealership and collision repair industry.
Industry officials have emphasized the importance of having a Business Continuity Plan (BCP) in place for when technology fails. Experts stress that a cyber attack on one business can have ripple effects throughout multiple industries, highlighting the need for preparedness and robust cybersecurity measures.
