E&M Insurance Data Breach: Sensitive Info Exposed

On February 20, 2024, E&M Insurance discovered a network security incident involving unauthorized access to its corporate email environment. According to the company's investigation, the breach occurred between February 8, 2024, and February 20, 2024, during which certain email accounts containing sensitive consumer information were compromised.

The company conducted a thorough forensic investigation with the assistance of external cybersecurity experts. On December 17, 2024, the investigation concluded that personal information stored within the impacted email accounts may have been subject to unauthorized access or acquisition.

The compromised information includes personally identifiable information (PII) such as full names, dates of birth, Social Security numbers, driver's license numbers, state identification and other government identification numbers, and credit/debit card information.

Additionally, protected health information (PHI), including medical information and health insurance details, was also exposed. The exact number of individuals impacted by the breach has not been publicly disclosed.

E&M Insurance's Response

To assist those potentially affected, E&M Insurance is offering complimentary identity protection services through Experian IdentityWorks Credit 3B. This service provides identity theft detection and resolution services, including daily credit monitoring across Experian, Equifax, and TransUnion, access to Experian credit reports, identity restoration assistance, and up to $1 million in identity theft insurance coverage.

Affected individuals are encouraged to enroll in this complimentary service and remain vigilant by regularly reviewing their financial statements and credit reports for any signs of fraudulent activity. Additionally, consumers can place a fraud alert or security freeze on their credit files to further protect themselves from identity theft.

For detailed instructions on how to enroll in the identity protection services and additional steps to safeguard personal information, consumers can refer to the Notice of Data Security Incident on E&M Insurance's website.

The company has also officially reported this incident to regulatory authorities. The breach notification can be viewed on the Vermont Attorney General's website.