Data Breach at Decisely Insurance Services exposes personal information of over 65,000 individuals

Georgia-based Decisely Insurance Services said the data security incident it suffered last year compromised the sensitive personal data of more than 65,000 individuals.

 

Headquartered in Roswell, Georgia, Decisely Insurance Services is a benefits brokerage and HR services firm that offers its services to small businesses, sole proprietors and contractors.

 

In a data security incident notice filed with the Office of Vermont Attorney General, Decisely said that on December 17, it identified suspicious activity within its cloud storage platform. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected platform and notified relevant law enforcement authorities about the same.

 

“The investigation determined that some data may have been acquired on December 16, 2024. We then completed a comprehensive analysis of the data potentially involved to identify what information was impacted and to whom it belonged. We notified MetLife and worked with them so they could validate and confirm this data,” Decisely said.

 

While details of the compromised data wasn’t revealed in the sample letter shared with the Vermont state regulator, in a filing with the U.S. Department of Health and Human Services Office for Civil Rights, Decisely said it has identified at least 65,405 individuals impacted by the incident.

 

“To reduce the likelihood of a similar incident occurring in the future, we implemented additional measures to enhance the security of the network,” the company added.

 

Decisely has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services through Kroll to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Decisely. The HR services firm provider also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.