Marsh & McLennan Cos. Inc. was hit by a data breach in April involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage.
The company sent a breach notification dated June 30, which was obtained by Business Insurance, stating that it discovered the breach on April 26 and that an “unauthorized actor had leveraged a vulnerability in a third party’s software since at least April 22.”
The breach involved a “limited set of data,” and Marsh McLennan notified law enforcement authorities and took action that ended the breach on April 30, the notification said. The company said it reset system access rights and imposed additional restrictions.
The information involved included names, Social Security numbers or other federal tax identification numbers.
Marsh McLennan said in the notification it held the data because recipients were current or