An investigation into a breach of the UK-headquartered Chartered Insurance Institute's (CII) IT systems by an unauthorised third-party has revealed personal data relating to 20% of customer records was accessed.
The institute this morning (28 October) said it had concluded its investigations into the matter and has reported the incident to the Information Commissioner's Office.
The CII confirmed a fifth of its customers' data was impacted including either their name or the name of their firm, address or email and address, telephone number and data of birth. No financial information was affected in the 30 September incident, which was discovered after a routine update patch was not initially applied correctly to its systems.
All affected individuals have been contacted already, the institute confirmed.
It added it had shared details of the breach "in the spirit of openness and transparency" but have been informed there is "low risk to members and customers affected" due the likelihood the information was already in the public domain. However, the CII warned those affected to "remain vigilant for suspicious activity".
"We are sorry that this incident happened," said chief executive Alan Vallance. "We are committed to maintaining the security of the data that we hold and we have undertaken a detailed review of our security systems and testing protocols and made improvements."