July 28, 2023 - Group 1001, Inc. would like to provide an update to our stakeholders concerning the February 9, 2023, ransomware attack on our information technology infrastructure.
As previously reported, we immediately launched an investigation to determine the full scope of the incident, and a team of leading third-party forensic experts was engaged to assist in the investigation. The investigation revealed that the threat actor accessed certain of our file shares and copied a limited amount of information before deploying the ransomware.
It is important to note that we have not received any reports that personal information has been subject to fraudulent activity.
Over the past several months, we have been analyzing the impacted files since fully recovering our systems to understand what personal information may be at risk. We have begun the process of notifying the individuals whose personal information is confirmed to have been included. Impacted individuals will soon be receiving a letter that will explain how to enroll in the following services.
We are offering impacted individuals a number of identity protection services through IDX, a data breach and recovery services expert. The IDX identity protection package includes: Experian, Equifax, and TransUnion credit monitoring, CyberScan™ dark web monitoring, identity theft insurance (for up to $1,000,000 with no deductible), and fully-managed identity restoration services. We are offering these services to affected individuals free of charge for 24 months. IDX’s U.S.-based call center will be available to answer any questions.
To help prevent a similar occurrence in the future, we have implemented numerous additional measures designed to enhance the security of our network, systems, and data.
For further questions about this incident, please email our incident response team at:
[email protected].
_______________________________________________________________________________________________________________________________________________________________________________________________
AM Best Comments on Credit Ratings of Certain Group 1001 Insurance Holdings, LLC
Subsidiaries Following Ransomware Attack
FOR IMMEDIATE RELEASE
CONTACTS:
Erik Miller, CFA
Director
+1 908 439 2200, ext. 5187
[email protected]
Christopher Sharkey
Manager, Public Relations
+1 908 439 2200, ext. 5159
[email protected]
Michael Lagomarsino, CFA, FRM
Senior Director
+1 908 439 2200, ext. 5810
[email protected]
Al Slavin
Senior Public Relations Specialist
+1 908 439 2200, ext. 5098
[email protected]
AM Best Comments on Credit Ratings of Certain Group 1001 Insurance Holdings, LLC Subsidiaries Following Ransomware Attack
OLDWICK, N.J., March 2, 2023—AM Best has commented that the Credit Ratings (ratings) of certain Group 1001 Insurance Holdings, LLC’s rated subsidiaries remain unchanged following the parent company’s disclosure that it sustained a cybersecurity attack that caused a network disruption and impacted certain systems.
According to the company, the following subsidiaries experienced system interruptions but are now back to full functionality: Delaware Life Insurance Company, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity Company and Clear Spring Property and Casualty Company.
AM Best was notified of a cyber security ransomware attack that occurred against Group 1001 beginning in early February. Group 1001 has engaged with law enforcement and regulatory agencies following the attack. Group 1001 did not pay the ransomware and believes all systems have been cleaned and validated. Currently, Group 1001 believes the impact to business interruption was minimal and currently day-to-day operations have resumed as normal.
AM Best currently believes that the disruption caused by the ransomware attack has not reached a level that is material to the credit profile of the enterprise. AM Best recognizes that the situation remains highly fluid and will continue to monitor developments.
This press release relates to Credit Ratings that have been published on AM Best’s website. For all rating information relating to the release and pertinent disclosures, including details of the office responsible for issuing each of the individual ratings referenced in this release, please see AM Best’s
RecentRating Activity web page. For additional information regarding the use and limitations of Credit Rating opinions, please view
Guide to Best's Credit Ratings. For information on the proper use of Best’s Credit
Ratings, Best’s Performance Assessments, Best’s Preliminary Credit Assessments and AM Best press releases, please view
Guide to Proper Use of Best’s Ratings & Assessments.
AM Best is a global credit rating agency, news publisher and data analytics provider specializing in the insurance industry. Headquartered in the United States, the company does business in over 100 countries with regional offices in London, Amsterdam, Dubai, Hong Kong, Singapore and Mexico City. For more information, visit
www.ambest.com.
Copyright © 2023 by A.M. Best Rating Services, Inc. and/or its affiliates. ALL RIGHTS RESERVED.
UPDATE TO RECENT SYSTEM INTERRUPTIONS:
Group 1001 Insurance Units Resume Full Operations after Ransomware Attack
March 1, 2023 - Group 1001, Inc. would like to provide an update to our stakeholders concerning recent system interruptions experienced by certain Group 1001 Insurance member companies, including Delaware Life Insurance Company, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity Company, Clear Spring Property and Casualty Company, and our Clear Spring Health business. We are pleased to report that all of our companies are back to full functionality.
Incident Overview
- Beginning on February 9, 2023, we were alerted to the existence of sophisticated ransomware on our information technology infrastructure.
- We immediately launched an investigation to determine the full scope of the incident, and a team of third-party forensic experts was engaged to assist in the investigation, which is ongoing.
- Based on our investigation to date, our forensic experts have confirmed that the ransomware code deployed in our environment has been contained and will not spread to any other internal or external systems.
- We have alerted the FBI and will continue to provide information regarding the incident as they investigate.
- We did not pay a ransom.
Containment & Remediation
- We took immediate action by proactively disconnecting systems from our network to contain the threat and prevent additional systems from being affected.
- Along with our forensics experts, our team scanned systems for indicators of compromise and remediated any identified indicators of compromise.
- In addition, we deployed additional advanced endpoint detection and monitoring tools on our newly restored systems for an added layer of security and visibility across our network.
- All systems were validated as clean by conducting additional scans before they were brought back online.
- We have been, and continue to be, in communication with our regulators about this incident.
- There will be a number of other infrastructure enhancements to continuously strengthen the security posture of Group 1001’s network and systems in the days, months, and years ahead.
Restoration
- While our investigation is ongoing, we are confident that the attack has now been successfully contained.
- We have fully resumed normal operations.
- The security of our information and that of our contract holders and other stakeholders is important to us. Once our investigation is complete, we will notify any impacted parties as appropriate.
We want to confirm that it is safe to conduct business with us and to communicate with us via e-mail, our website portals, and our call centers. We apologize for any inconvenience and genuinely appreciate your patience and understanding as we worked vigorously to fully restore our computer networks.
For further questions about this incident, please e-mail our incident response team at: [email protected].
About Us
Initiatives
Contact Us