Can't read my, can't read my... broker face: Premium Credit back online a week after cyber attack

Signs so far point to no data leak

malware

UK-based insurance services firm Premium Credit has hauled itself back online following a malware-based attack that struck the business more than a week ago.

Premium Credit underwrites insurance premiums for a network of brokers, business and personal customers and has 400 staffers across the UK and Ireland.

In a statement on its website yesterday that accompanied its return after nine days offline, the UK and Ireland firm played down the episode, adding it had found "no evidence of data loss" following an unspecified "cyber incident".

External experts continue to investigate. "We have now restored many key systems, and are working around the clock to complete our full restoration," the statement concluded.

So what happened? The insurance premiums financer told El Reg that it had suffered from an unspecified malware outbreak, adding that it had taken its systems offline as a "precaution". In a follow-up statement, received via email, Adam Morghem, strategy and marketing director at Premium Credit, provided a fuller rundown of events.

On Sunday 16th September, our virus monitoring alerted us to a cyber incident. We followed our extensive security protocols designed to protect our systems and isolate our partners from harm. We then began the investigation into the incident with external 3rd party experts.

Since then, we have been working around the clock to restore our services for our brokers. Our trading systems are live with our brokers.

Our call centres have been open since Monday 17th to support customers and producers during the outage.

He told us the internal and external probes by infosec specialists had not turned up any evidence of data loss. He said it has told customers that they would not be disadvantaged as a result of their outage, and this included default charges. He also said it had a trading system up and running for brokers after three days, despite the website outage being three times as long.

"We can only apologise for the disruption this has caused our partners and their customers," said Morghem.

El Reg checked in with Troy Hunt, the security researcher behind the Have I been Pwned breach notification service and normally among the first people to hear about any customer data leak. He said he hadn't heard anything yet, a good sign, though hardly definitive. ®




Biting the hand that feeds IT © 1998–2018