Posted On February 28, 2023 Consumer Privacy & Data Breaches
February 28, 2023 – After learning that an unauthorized party could access confidential student information stored in its computer network, Crum & Forster filed notice of a data breach with the Massachusetts Attorney General on February 22, 2023. According to the filing, an unauthorized party accessed sensitive consumer information like names and Social Security numbers. Once it was confirmed that there was a data leak, Crum & Forster sent data breach notification letters to all individuals affected by the data security incident.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Crum & Forster data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Crum & Forster.
Crum & Forster is an insurance company that offers many different kinds of insurance coverage, such as health, casualty, property, accident, and specialty insurance. Established in 1822 and based in Morristown, New Jersey, Crum & Forster now employs over 2,300 people and generates approximately $2.3 billion in revenue annually. Fairfax Holdings, which Crum & Forster is a part of, generates approximately $23.8 billion in revenue annually.
According to its filing with the Massachusetts Attorney General’s office, Crum & Forster determined that an unauthorized party had breached its computer network. After investigating unusual activity on its computer network and discovering a possible cyberattack, Crum & Forster worked with a third-party company specializing in cybersecurity to look into the incident.
After learning that an unauthorized party accessed the computer network on February 3, 2022, Crum & Forster discovered that sensitive consumer data was, in fact, exposed to a third party. The next step was to review the files and determine what information was made available. The types of information exposed were consumers’ names and Social Security numbers. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On February 22, 2023, Crum & Forster sent data breach notification letters to all individuals whose sensitive information had been compromised.
If you receive a notice of a data breach from Crum & Forster, it means your personal information was included in the data breach. Your personal information may have been accessed by hackers who use the information to commit a range of crimes, including identity theft. After a data breach, it can be difficult to find the hackers responsible. Whether the hackers are found or not, they might not be the only ones responsible for the data breach. They may have been the ones committing the crime, but according to U.S. data breach laws, victims may be able to receive financial compensation from the company that was the target of the leak.
Though companies like Crum & Forster are considered victims of the attack as well, they are also the ones responsible for defending such sensitive information from cyberattacks. State and federal laws claim that companies have to take certain precautions regarding consumer information and can be considered negligent if those precautions are not taken.
Such precautions include:
Under U.S. data breach laws, the companies that store data have a responsibility to ensure the security of consumer information. If they have been breached and that data has been accessed by unauthorized parties, they may be held financially responsible. The situation isn’t always black and white concerning the laws of responsibility following a breach. That is why you should pursue legal assistance in the event of a breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Crum & Forster data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
We are writing with important information regarding a recent security incident. The privacy and security of the personal information we maintain is of the utmost importance to Crum & Forster. We wanted to provide you with information about the incident, explain the services we are making available to you, and let you know that we continue to take significant measures to protect your information.
We recently discovered that an unauthorized individual may have obtained access to a limited amount of personal information between December 19, 2021 and March 20, 2022. We immediately launched an investigation in consultation with outside data privacy professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise of the information. Based on our comprehensive investigation and document review, which concluded on February 3, 2023, we discovered that your full name or first initial with last name and one or more of the following were removed by the unauthorized individual in connection with this incident:
To date, we are not aware of any reports of identity fraud or improper use of your information as a direct result of this incident. Out of an abundance of caution, we wanted to make you aware of the incident, explain the services we are making available to help safeguard you against identity fraud, and suggest steps that you should take as well. To protect you from potential misuse of your information, we are offering a complimentary 24-month membership of Experian IdentityWorksSM Credit 3B. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. IdentityWorks Credit 3B is completely free to you and enrolling in this program will not hurt your credit score. For more information on identity theft prevention and IdentityWorks Credit 3B, including instructions on how to activate your complimentary 24-month membership, please see the additional information provided in this letter.
This letter also provides other precautionary measures you can take to protect your personal information, including placing a Fraud Alert and/or Security Freeze on your credit files, and/or obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.
Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.
If you have any further questions regarding the ease, call our dedicated and confidential toll-free response line that we have set up to respond to questions at This response line is staffed with professionals familiar with this incident and knowledgeable on what you can do to protect against misuse of your information. The response line is available Monday through Friday, 9am – 9pm Eastern Time.