Home / Daily / Loss assessor AAMC hit by cyber breach
25 July 2019
Motor loss assessing firm AAMC has alerted insurers after an unauthorised cyber breach affected part of its systems.
The breach in early June was caused by “a known cyber security researcher” that seeks out company vulnerabilities and which then offers to help improve data security.
AAMC says the breach affected a database service used by the firm which contains a sub-set of information for searching for files, and which contained minimal personally identifiable information.
“Our full database was secure and we can confirm was not accessed,” MD Steve Chapman said in a statement to insuranceNEWS.com.au.
“As soon as we received notification from the security researcher, we took immediate steps to close the vulnerability and engage the services of a cyber forensic investigator.”
A full investigation was carried out to ensure the firm met obligations to clients as well as data breach requirements overseen by the Office of the Australian Information Commissioner (OAIC).
“Our investigation conclusively determined that no entity other than the security researchers gained access to the database service and that no entity had exploited the vulnerability or gained access to any other aspect of our system or network,” he said.
AAMC gained written assurances from the cyber security researchers that they hadn’t used, saved or disclosed any personal details obtained and had deleted all information.
The company says it does not collect financial details, tax file numbers, health information or other sensitive information.
AAMC says that in the circumstances the breach was not likely to result in serious harm to individuals, and therefore was not a breach requiring notification to the OAIC.
“AAMC takes cyber security very seriously and have conducted a subsequent, extensive penetration test with our security testing provider and are currently implementing additional processes and procedures to further improve our security measures and staff education,” Mr Chapman said.
The Brisbane-based company, which has been operating for 17 years, has a regional office in Melbourne and more than 200 employees throughout all states, according to its LinkedIn page.
Clients include major motor vehicle insurers Suncorp and IAG.
A Suncorp spokesman says the company is aware of an issue with AAMC’s IT systems.
“We take data security very seriously and are continuing to seek assurances from AAMC about the issue and its ongoing security arrangements,” he told insuranceNEWS.com.au.