Dive Brief:
- Builders Mutual Insurance Co., a commercial construction underwriter based in Raleigh, North Carolina, was the target of a hack that affected the personal information of 64,761 customers, current employees and former workers, according to a filing with the Maine Attorney General’s office on Sept. 29.
- The insurer noticed suspicious activity on Dec. 14, 2022, and contracted third-party specialists to investigate, according to documents the company submitted to the attorney general’s office. On Dec. 15, investigators discovered that certain files were copied, and worked to determine whether they contained sensitive information. Potentially compromised data included names, Social Security numbers, medical information, health insurance information and workers’ compensation data.
- Builders Mutual works with a variety of clients in both the homebuilding and nonresidential construction industries, according to its website, and provides business packages for workers’ compensation, general liability and property insurance. The underwriter also offers crime, auto and inland marine protection.
Dive Insight:
A recent report by global credit agency AM Best noted that Builders Mutual had a strong culture of governance which included the “ongoing monitoring of cyber threats.” Builders Mutual did not respond to requests for comment on the data breach.
Per its filing with the state of Maine, as a result of the breach, Builders Mutual is offering:
- Additional safeguards and training to employees.
- 12 months of free credit monitoring for affected individuals.
- Information on how to place a fraud alert and security freeze on one’s credit file.
- Contact details for the national consumer reporting agencies.
- Information on how to obtain a free credit report.
News of the breach follows a troubling report from Dodge Construction Network and content security and management company Egnyte that concluded builders are largely unprepared for cyberattacks. Among AEC firms surveyed, 59% said they had experienced a cybersecurity threat in the last two years.
When it comes to preventing data breaches, contractors need to build a defense system in order to protect themselves, according to cyber expert Stel Valavanis. That means preparing a cybersecurity framework and getting serious about IT support.
“Organizations must use every available resource to reduce downtime and limit financial exposure by taking action to proactively detect and preempt attacks,” said Valavanis, CEO of onShore Security, a Chicago-based cybersecurity firm.