Sterling Seacrest Pritchard, a US-based insurance brokerage and risk management firm, has disclosed a data breach involving unauthorized access to its email system that may have exposed personal information of approximately 7,400 individuals, according to a company notice.
The company reported that it identified suspicious activity within its email environment and initiated an investigation to determine the scope and nature of the incident. According to the disclosure, the unauthorized access was limited to certain email accounts, and the company stated that its core systems were not affected.
The information involved in the breach was contained within email communications. Sterling Seacrest Pritchard stated that the types of data potentially exposed vary depending on the contents of individual emails, and not all individuals had the same information involved. The company reported that the exposed data may include personal information typically shared in business correspondence, although it did not provide a comprehensive list of specific data elements for all affected individuals.
The company stated that it conducted an internal review of the impacted email accounts to determine which individuals may have been affected. Based on that review, the total number of potentially affected individuals was estimated at approximately 7,400. The company noted that this figure reflects the number of individuals whose information may have been contained in the compromised email accounts.
Sterling Seacrest Pritchard reported that it took steps to secure its email environment after detecting the unauthorized access. The company stated that it implemented measures to prevent further unauthorized activity and to strengthen the security of its systems.
According to the notice, the company is in the process of notifying individuals whose information may have been involved. The notification process is based on the findings of the internal review of the affected email accounts.
No details were provided regarding how access to the email system was obtained. The company also did not disclose how long the unauthorized activity may have persisted before it was identified. Sterling Seacrest Pritchard has not publicly identified any individual or group in connection with the incident.