June 30, 2021 – Arthur J. Gallagher & Co. (“Gallagher”) is issuing notice of a data security event that affected the security of certain information.
What Happened. On September 26, 2020, Gallagher detected a ransomware event impacting our internal systems. We promptly took all our systems offline as a precautionary measure, initiated response protocols, notified law enforcement, launched an investigation with the assistance of third-party cybersecurity and forensic specialists, and implemented our business continuity plans to minimize disruption to our customers, and ensure the ongoing security of our systems. Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020.
What Information Was Affected. While the investigation was able to confirm that certain systems were accessed, it was unable to confirm what information within those systems was actually accessed. Therefore, in an abundance of caution, Gallagher conducted an extensive review of the entire contents of the impacted systems and is notifying impacted individuals. This review determined that one or more of the following types of information associated with certain individuals were present on impacted systems and may have been subject to access or acquisition by the unknown actor: Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number, and biometric information.
What We Are Doing. The privacy and security of information are among one of our highest priorities and Gallagher has strict security measures in place to protect information in our care. Upon discovering this incident, we immediately took steps to protect the privacy and security of client, partner, and employee information. We also reviewed existing security policies and implemented additional measures and enhanced security tools to further protect information in our systems. We also implemented additional safeguards and are providing additional training to our employees on data privacy and security. We are notifying impacted individuals and regulatory authorities, as required by law.
What Affected Individuals Can Do. Individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and credit reports for unusual activity and reporting any suspicious activity immediately to their financial institution. In addition, we are offering affected individuals access to complimentary identity and credit monitoring services. Additional detail can be found below in the Steps You Can Take to Help Protect Your Information.
For More Information. If you have questions about this incident you may call our dedicated assistance line at (855) 731-3320 Monday through Friday (excluding U.S. holidays), during the hours of 8:00 a.m. to 5:30 p.m., Central Time. Individuals may also write to Gallagher at 2850 W. Golf Rd., Rolling Meadows, IL 60008.