A Message from the Managing Director
When my wife and I established Assist Insurance Services, we did so with the knowledge that the customer service we would provide would be second to none, and that our customers’ data would be secure at all times. As such, we have invested heavily in ensuring that every effort is made for your data to be secure at all times, which is why we achieved the necessary accreditation from Cyber Essentials (About Cyber Essentials – NCSC.GOV.UK) in recognition of the level of security the company can demonstrate.
Despite these efforts, it is with regret that I have to confirm that on the 28th January 2024 we became aware that some client data may have been compromised due to unauthorised access to our systems by a malicious third party. Once the incident had been detected, we engaged security experts to take immediate actions to try to protect all our clients and the services we provide to them. As part of our duties, we also notified the I.C.O. (Information Commissioner’s Office) (which is a standard procedure in these incidents), the FCA (The Financial Conduct Authority) and the Police’s National Fraud & Cyber Crime Reporting Centre.
Following a review of all systems, our security experts have now confirmed that, unfortunately, during the incident there was the potential for unauthorised access to our servers with some client data on them.
What information may have been affected?
The following data was held on the server that was potentially accessed.
Name / Address / Date of Birth / Tel Number / Email address / Policy Number / Holiday Home risk details.
None of your financial data, such as credit/debit card or bank details, was on the server, and it is unaffected.
What have we done in response to the breach?
We deeply regret that this incident occurred. Our aim is not to alarm you unnecessarily, but we want you to be aware that the incident has occurred. We have conducted a review of all our security systems and have implemented additional security measures designed to prevent future attacks and to protect your personal information and the privacy of our customers. I can confirm that, following this review and the implementation of additional security, all systems are up and running and you can continue to contact us to discuss your insurance needs as you have previously done.
What does this mean for you?
This type of incident is a reminder that we must all remain alert to any unusual or suspicious requests received by email or telephone that ask for personal details (especially things like your date of birth, residential address, email address, username or passwords, which are often used to verify your identity).
Potential consequences of data being used in an unauthorised manner could be phishing emails and text messages to try and extract personal information which could result in identity theft. If you do receive an unsolicited email or telephone call and are unsure of who is contacting you, please use the contact details in our letters or on our website to verify that correspondence is authentic. Here at Assist we will never contact you unprompted to ask for your account details or security information.
Questions and Answers
- Were my Credit or Debit card details accessed?
No. Please be reassured that Assist Insurance Services is compliant with the global Payment Card Industry Data Security Standard (PCI DSS) and we do not store or record your card details, so these were not available.
- Were my bank details accessed?
No. If you do pay by direct debit, your payment details will be held by Premium Credit Ltd, with whom your payment agreement is held.
- Do you still have my details?
Yes. We back up our systems daily and store the backups remotely offsite. Our security experts have verified that the integrity of our data is unaffected, and all details have been reinstalled.
- Is my insurance policy still valid?
Yes. There has been no interruption to insurance services, or the cover provided by them.
- Were Assist’s security efforts substandard at the time?
Our client privacy is and always will be our priority. As part of this we have always routinely reviewed our security processes in conjunction with external IT experts. This process has included taking additional security measures such as achieving ‘Cyber Essentials’ certification for the past three years with our most recent accreditation being received as recently as December 2023.
- Has my data been stolen?
We are unable to confirm exactly what data may have been accessed. Our security experts have confirmed that during the incident, there was the potential for unauthorised access to our servers with some client data on them.
- What steps can I take?
Always check if you are uncertain. If you see an email, text or social media post, or if you are on a website that you think looks suspicious, don’t click any links or engage with it, and delete it immediately. We have also provided some links at the bottom of this page where you can get further advice.
- Is my Data safe now?
All our security systems have been reviewed in conjunction with I.T. security experts. As a result, we have implemented further security measures designed to prevent future attacks and to protect your personal information and the privacy of all our customers.
I would like to offer our sincere apologies for any inconvenience this has caused. As mentioned, client privacy is our priority, and we will continue to monitor the situation and use every recourse to protect your personal data. If we discover any additional affected personal data (other than that already mentioned) we will write to any affected clients individually. We will also continue to update the details provided here with any further relevant information.
Kind Regards
Steve Leech
Managing Director
Useful information/links
Below we have provided some links to assist you with information on how to best protect yourself from fraudsters and cyber criminals.