[BreachExchange] Lyons Companies issues warning regarding potential data breach

Destry Winant destry at riskbasedsecurity.com
Mon Aug 26 10:15:39 EDT 2019


Lyons Companies has issued a notice warning its clients that it has
been the target of a potential data breach.

On March 12, 2019, the Wilmington, DE-based brokerage detected
“unusual activity” in an employee email account. Lyons then
immediately took steps to respond, and launched an investigation into
the unauthorized access, which involved working with third-party
forensic experts.

The investigation determined that two Lyons employee email accounts
were accessed without authorization – one account was accessed between
February 04 and March 12, and the other was accessed for a few hours
on March 12. The investigation was unable to confirm whether and what
type of information was potentially accessed, but Lyons has undertaken
a review of all the data within the two accounts to determine what
sort of information was present and to whom the data was related.

Lyons warned that the data potentially exposed by the incident may
include names, contact information, driver's license information, bank
account or other financial information, dates of birth, medical record
numbers, patient identification numbers, medical and/or clinical
information including diagnosis and treatment information, Medicare or
Medicaid identification numbers, and health insurance and claims
information. The brokerage additionally warned that for some
individuals, their social security numbers may have been compromised,
as well.

“Lyons takes this matter, and the security and privacy of all
information that we hold very seriously,” the brokerage said in a

The company explained that on top of its investigation, it has
enhanced the security of its systems since the incident. It will also
provide individuals who may have been affected notice of the incident,
as well as complimentary credit monitoring and identity restoration

More information about the BreachExchange mailing list