Log In

Reset Password
BERMUDA | RSS PODCAST

Data security breach investigated

A leading local insurance company has confirmed that personal client data was accidentally released to unauthorised recipients, but said it did not include personal health or financial information.

CG Insurance confirmed to The Royal Gazette that an employee “inadvertently and mistakenly” shared information containing personal client data to third-party recipients and that it has since reported the incident to regulators as required by law.

The company said it became aware of the incident, which involved members of its wellness programme, on April 6. It did not disclose how many clients were involved.

A CG statement said: “We regret the alarm and concern this incident has caused our members.

“The foundation of our work is trust, which requires continuing vigilance and action to ensure that the interests of our clients in all circumstances are protected.”

The news comes as the long-time Bermuda insurer just this week announced its 100 per cent purchase of Massy United Insurance Ltd of Barbados.

The deal expands CG’s presence in the Caribbean, adding 14 new markets in which it operates under the name CG United.

Last month’s accidental data exposure triggered an immediate and thorough investigation across all of CG owner Coralisle Group’s companies.

Executives said their enquiries concluded the following:

• The personal data shared included the respective names, date of birth, gender, employee number, place of employment and country of wellness programme members

• There was no evidence that personal health information, payment information, or e-mail addresses had been shared

• There was nothing found that would result in any negative impact nor would it be likely to prejudice the rights and freedoms of the individuals involved

• The inadvertently shared data was deleted by the third-party recipients.

CG said: “As a result of its investigation, CG Insurance adopted group-wide measures to prevent a recurrence of the incident and to further protect the privacy of its clients.

“Those measures included the introduction of additional protocols governing data sharing, the implementation of multi-check technical requirements for certain communications and increasing controls around employee access to client information.”

CG said it contacted all client company administrators to inform them of the investigation and the adoption of measures to further protect client data. They asked clients to notify their employees.

CG Insurance said that an employee “inadvertently and mistakenly” shared information containing personal client data (Photograph by David Fox)

You must be Registered or to post comment or to vote.

Published May 06, 2022 at 7:51 am (Updated May 06, 2022 at 7:51 am)

Data security breach investigated

What you
Need to
Know
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon