IronRock hit in cyber incident
IronRock Insurance Company has become the latest company to be affected by cyber criminals at a time when the world continues to see a surge in cybercrime.
The general insurance company published a notice to its clients on Friday about a recent data breach which affected its IT infrastructure. The notice mentioned that immediate action was taken to contain the incident and minimise the impact of the February 6 cybersecurity incident. The firm regained full control of its IT infrastructure within an hour of the breach being detected.
“On March 14, 2024, we experienced a data breach as we became aware of IronRock data published on the dark web. We note that personal data published was from an auxiliary machine and not part of our core systems, and that the data itself was more than four years old. Our investigations have determined that the data includes the names and addresses of a limited number of clients. Our operational databases, main systems and daily operations were not impacted,” said the notice bearing IronRock’s Data Protection Officer Maurice Bolt’s name.
The general insurer also published a notice to the Jamaica Stock Exchange (JSE) saying it had no interruption in services and that “the breach had no material impact on the operations of the company. IronRock is committed to maintaining the highest levels of digital security and we are taking proactive steps to further strengthen our systems”.
This is the third listed company in under a year to mention being impacted by cybersecurity incidents. Mayberry Investments and Derrimon Trading Company were both victims of cyber criminals last year which saw different impacts to their operations. Two of Massy Holdings’ subsidiaries were also impacted by cyber criminals in late 2022. There have also been other regional businesses which have faced different situations due to being targeted by cyber criminals. Even the Jamaican Financial Services Commission (FSC) requested its licensees to send hard copy documents after being the victim of ransomware last September.
These continued cyber incidents have also resulted in numerous cybersecurity professionals encouraging more firms to approach them from early rather than wait until the incident becomes critical. This message has become more critical as numerous small and large international businesses see significant disruptions to their operations, and more Caribbean businesses announcing cyber incidents in recent years.
“From our side, aside from standard recommendations which require the undertaking of annual penetration and other system tests, we continue to urge our clients and, by extension, all companies to be more proactive and not just reactive. Likewise, we continue to encourage them to look at their cybersecurity posture and to harden systems accordingly prior to any attack,” said Ryan Meeks, security and operations manager at Symptai Consulting, at last October’s Jamaica Observer Business Forum.